THE VEIL FRAMEWORK
Sukesh Shetty

Posted on 20-Mar-2017

Page 1: THE VEIL FRAMEWORK

Title slide: The Veil Framework, presented by Sukesh Shetty

Page 2: WHO AM I?

• Working with NII Consulting as a Senior Consultant
• Certified: CEH v8, ISO 27001:2013, ISO 22301:2012, ISO 20000:2011 LA, CCNA
• Web pen testing, VAPT, network security, ISMS & BCMS implementation & maintenance, IT risk assessments & security auditing

Page 3: AGENDA

• The Veil Framework
• Veil-Evasion
  • Genesis
  • Veil-Evasion approach
  • Veil-Evasion features
  • Demo
• Veil-Catapult
• Veil-Pillage
• Veil-Ordinance

Page 4: THE VEIL FRAMEWORK

• Created by Veris Group security researchers Will Schroeder, Chris Truncer and Michael Wright
• A toolset aiming to bridge the gap between pentesting and red teaming capabilities
• Veil-Evasion: flagship tool, generates AV-evading executables
• Veil-Catapult: initial payload delivery tool
• Veil-PowerView: situational awareness with PowerShell
• Veil-Pillage: fully-fledged post-exploitation framework
• Veil-Ordinance: a tool that can be used to quickly generate valid stager shellcode

Page 5: VEIL-EVASION: GENESIS

• Antivirus can't catch malware, but it does catch pentesters

Page 6: SOLUTION

• Security experts Will Schroeder, Chris Truncer and Michael Wright found a way to execute existing shellcode in an AV-evading way, i.e. Veil-Evasion

Page 7: VEIL-EVASION APPROACH

Veil-Evasion does its work by:

• Using an aggregation of various shellcode injection techniques across multiple languages
• Having a focus on automation, usability, and developing a true framework
• Using some shellcode-less Meterpreter stagers and "auxiliary" modules as well

Page 8: VEIL-EVASION FEATURES

• Can use either Metasploit-generated or custom-written shellcode
• Metasploit Framework payloads/options are dynamically loaded
• Third-party tools can be easily integrated: Hyperion, PE Scrambler, Backdoor Factory, etc.
• Command-line switches add scriptability
• Checks payload hashes against VirusTotal

Page 9: VEIL-CATAPULT

• A basic payload delivery tool
• Tight integration with Veil-Evasion for on-the-fly payload generation; can upload/execute or host/execute
• Cleanup scripts generated for payload killing and deletion
• Now obsoleted by the release of Veil-Pillage

Page 10: VEIL-PILLAGE

• A post-exploitation framework
• Multiple trigger options (wmis, psexec, etc.)
• Completely modular, making it easy to implement additional post-exploitation actions
• Comprehensive logging and cleanup capabilities

Page 11: VEIL-ORDINANCE

• Fast shellcode generation tool
• 6 different payloads
  • The most commonly used payloads (rev_tcp, bind_tcp, rev_https, rev_http, rev_tcp_dns, rev_tcp_all_ports)
  • All payloads were ported from MSF
• 1 current encoder
  • Single-byte XOR encoder
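The single-byte XOR encoder mentioned above is worth putting in perspective from the analyst's side: every byte of the stager is XORed with the same key byte, so the key space is 256 and anyone holding the encoded blob can recover the original bytes by exhaustive search against a short known prefix. The following is an added illustration of that key-recovery check, not code from the Veil project; the sample bytes and the known prefix are constructed stand-ins, not shellcode.

```python
# Added illustration (not Veil's code): recovering a single-byte XOR key by
# trying all 256 candidates against a known plaintext prefix.
from typing import Optional


def xor_single_byte(data: bytes, key: int) -> bytes:
    """Encode or decode with one key byte (the operation is its own inverse)."""
    if not 0 <= key <= 0xFF:
        raise ValueError("key must be a single byte")
    return bytes(b ^ key for b in data)


def recover_key(blob: bytes, known_prefix: bytes) -> Optional[int]:
    """Return the key whose decoding of blob starts with known_prefix, else None.

    known_prefix is the analyst's known-plaintext assumption: a few bytes the
    decoded stager is expected to begin with. With only 256 keys to try, the
    search is instantaneous regardless of blob length.
    """
    if not known_prefix:
        raise ValueError("known_prefix must not be empty")
    head = blob[:len(known_prefix)]
    for key in range(256):
        if xor_single_byte(head, key) == known_prefix:
            return key
    return None


# Constructed sample: a stand-in for an encoded stager, NOT real shellcode.
SAMPLE_PLAINTEXT = b"CONSTRUCTED-STAGER-STANDIN\x00\x01\x02\x03"
SAMPLE_KEY = 0x5A
SAMPLE_BLOB = xor_single_byte(SAMPLE_PLAINTEXT, SAMPLE_KEY)


def demo() -> tuple:
    """Recover the key from the constructed blob and confirm full decoding."""
    key = recover_key(SAMPLE_BLOB, SAMPLE_PLAINTEXT[:4])
    if key is None:
        return None, False
    return key, xor_single_byte(SAMPLE_BLOB, key) == SAMPLE_PLAINTEXT


if __name__ == "__main__":
    print(demo())  # (90, True): key 0x5A recovered, blob fully decoded
```

The same search is what a sandbox or analyst script does when it meets such a blob, which is why a single-byte XOR layer changes the signature of a stager but does not hide its content.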

Page 12: QUESTIONS???

• [email protected]
• Twitter: @sukeshs89

Get the Veil-Framework:

• GitHub: https://github.com/Veil-Framework/
• Now in Kali! apt-get install veil
• Read more: https://www.veil-framework.com

Page 13: REFERENCES

• https://www.veil-framework.com/
• http://www.slideshare.net/VeilFramework/av-evasion-with-the-veil-framework-30196828
• http://www.slideshare.net/VeilFramework/the-veilframework