BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Badrats: Initial Access Made Easy\n   When: Friday\,
  Aug 12\, 14:00 - 15:55 PDT\n   Where: Caesars Forum - Society Boardroom (
 Demo Labs) - [1]Map\n   Speakers:Kevin Clark\,Dominic “Cryillic” Cunni
 ngham\n\n   SpeakerBio:Kevin Clark\n   Kevin Clark is a Software Developer
  at Def-Logix focused on\n   development of offensive security tools. His 
 previous work includes\n   Penetration Testing and Red Team Operator\, foc
 using on initial access\n   and active directory exploitation. Kevin contr
 ibutes to open-source\n   tools such as PowerShell Empire and publishes cu
 stom security toolkits\n   such as Badrats and WindowsBinaryReplacements. 
 Kevin authors a\n   cybersecurity blog at [2]https://henpeebin.com/kevin/b
 log.\n   Twitter: [3]@GuhnooPlusLinux\n\n   SpeakerBio:Dominic “Cryillic
 ” Cunningham\n   Dominic “Cryillic” Cunningham is a Red Team Content
  Engineer for\n   TryHackMe\, a large cybersecurity education platform. He
  is currently\n   pursuing a degree in computing security with a focus in 
 digital\n   forensics and malware. His work includes general adversary emu
 lation\,\n   offensive operations\, and evasion. He specializes in researc
 hing and\n   documentation of Evasion Techniques\, Windows Internals\, and
  Active\n   Directory. Most of his work and research has been published at
  [4]https://www.tryhackme.com\,\n   where he has also developed and releas
 ed numerous CTF boxes and\n   enterprise-level ranges.\n\n   Description:\
 n   Remote Access Trojans (RATs) are one of the defining tradecraft for\n 
   identifying an Advanced Persistent Threat. The reason being is that\n   
 APTs typically leverage custom toolkits for gaining initial access\, so\n 
   they do not risk burning full-featured implants. Badrats takes\n   chara
 cteristics from APT Tactics\, Techniques\, and Procedures (TTPs)\n   and i
 mplements them into a custom Command and Control (C2) tool with a\n   focu
 s on initial access and implant flexibility. The key goal is to\n   emulat
 e that modern threat actors avoid loading fully-featured\n   implants unle
 ss required\, instead opting to use a smaller staged\n   implant. Badrats 
 implants are written in various languages\, each with\n   a similar yet li
 mited feature set. The implants are designed to be\n   small for antivirus
  evasion and provides multiple methods of loading\n   additional tools\, s
 uch as shellcode\, .NET assemblies\, PowerShell\, and\n   shell commands o
 n a compromised host. One of the most advanced TTPs\n   that Badrats suppo
 rts is peer-to-peer communications over SMB to allow\n   implants to commu
 nicate through other compromised hosts.\n\n   Audience: Offense\n\n   '\n\
 n   1. https://defcon.outel.org/consolidated_page.html#CaesarsSummitBR\n  
  2. https://henpeebin.com/kevin/blog.\n   3. https://twitter.com/GuhnooPlu
 sLinux\n   4. https://www.tryhackme.com\,\n\n\n
DTEND:20220812T225500Z
DTSTART:20220812T210000Z
LOCATION:DL - Caesars Forum - Society Boardroom (Demo Labs)
SUMMARY:Badrats: Initial Access Made Easy
END:VEVENT
END:VCALENDAR