THE VEIL FRAMEWORK
SUKESH SHETTY

WHO AM I?
• Working with NII Consulting as a Senior Consultant
• Certified to CEH v8, ISO 27001:2013, 22301:2012, 20000-2011 LA, CCNA
• Web Pen testing, VAPT, Network Security, ISMS & BCMS Implementation & Maintenance, IT Risk Assessments & Security Auditing

AGENDA
• The Veil Framework
• Veil-Evasion
  - Genesis
  - Veil-Evasion Approach
  - Veil-Evasion Features
  - Demo
• Veil-Catapult
• Veil-Pillage
• Veil-Ordnance

THE VEIL FRAMEWORK
• Created by Veris Group security researchers Will Schroeder, Chris Truncer and Michael Wright
• A toolset aiming to bridge the gap between pentesting and red teaming capabilities
  - Veil-Evasion: flagship tool, generates AV-evading executables
  - Veil-Catapult: initial payload delivery tool
  - Veil-PowerView: situational awareness with PowerShell
  - Veil-Pillage: fully-fledged post-exploitation framework
  - Veil-Ordnance: a tool that can be used to quickly generate valid stager shellcode

VEIL-EVASION: GENESIS
• Antivirus can’t catch malware but does catch pentesters

SOLUTION
• Security experts Will Schroeder, Chris Truncer and Michael Wright found a way to execute existing shellcode in an AV-evading way, i.e. Veil-Evasion

VEIL-EVASION APPROACH
Veil-Evasion does its work by:
• Using an aggregation of various shellcode injection techniques across multiple languages
• Having a focus on automation, usability, and developing a true framework
• Using some shellcodeless Meterpreter stagers and “auxiliary” modules as well

VEIL-EVASION FEATURES
• Can use either Metasploit-generated or custom-written shellcode
• Metasploit Framework payloads/options are dynamically loaded
• Third-party tools can be easily integrated
  - Hyperion, PE Scrambler, Backdoor Factory, etc.
• Command line switches add in script-ability
• Check payload hashes against VirusTotal

VEIL-CATAPULT
• A basic payload delivery tool
• Tight integration with Veil-Evasion for on-the-fly payload generation, can upload/execute or host/execute
• Cleanup scripts generated for payload killing and deletion
• Now obsoleted with the release of Veil-Pillage

VEIL-PILLAGE
• A post-exploitation framework
• Multiple trigger options (wmis, psexec, etc.)
• Completely modular, making it easy to implement additional post-exploitation actions
• Comprehensive logging and cleanup capabilities

VEIL-ORDNANCE
• Fast shellcode generation tool
• 6 different payloads
  - Most commonly used payloads (rev_tcp, bind_tcp, rev_https, rev_http, rev_tcp_dns, rev_tcp_all_ports)
  - All payloads were ported from MSF
• 1 current encoder
  - Single Byte Xor Encoder
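
A defender's view of the single-byte XOR encoder listed on the slide above, as an added example that is not from the slides or from the Veil project: with only 256 possible keys, an analyst can XOR known marker strings with every key and search a suspect buffer for the results. The marker list, function names and sample buffer are constructed for illustration.

```python
"""Triage helper: find known strings hidden behind a single-byte XOR key."""

# Constructed markers an analyst might look for; not taken from the slides.
MARKERS = (
    b"This program cannot be run in DOS mode",
    b"kernel32.dll",
    b"http://",
)


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with the same one-byte key."""
    return bytes(b ^ key for b in data)


def find_xor_markers(blob: bytes, markers=MARKERS):
    """Return sorted (key, offset, marker) hits across all 256 keys.

    The needle is encoded instead of the haystack, so the buffer is never
    rewritten. Key 0 is included so plaintext markers are reported too.
    """
    hits = []
    for key in range(256):
        for marker in markers:
            needle = xor_bytes(marker, key)
            start = 0
            while (pos := blob.find(needle, start)) != -1:
                hits.append((key, pos, marker))
                start = pos + 1
    return sorted(hits)


def sample_blob() -> bytes:
    """Constructed sample: 16 filler bytes, text XORed with 0x5A, padding."""
    hidden = xor_bytes(b"GET http://example.invalid/ HTTP/1.1", 0x5A)
    return bytes(range(16)) + hidden + b"\x00" * 8


if __name__ == "__main__":
    for key, offset, marker in find_xor_markers(sample_blob()):
        print(f"key=0x{key:02x} offset={offset} marker={marker!r}")
```

A hit only shows that a marker survives under some one-byte key; short markers can match by chance in large files, so treat results as leads for further analysis.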

QUESTIONS???
Twitter: @sukeshs89
Get the Veil-Framework:
• GitHub: https://github.com/Veil-Framework/
• Now in Kali! apt-get install veil
• Read more: https://www.veil-framework.com