
THE VEIL FRAMEWORK

The VEIL FRAMEWORK toolset:
Evading AV - Veil-Evasion
Payload Delivery - Veil-Catapult
Post Exploitation - Veil-Pillage
Shellcode Generation - Veil-Ordinance

Published in: Education

  1. THE VEIL FRAMEWORK - Sukesh Shetty
  2. WHO AM I?
     • Working with NII Consulting as a Senior Consultant
     • Certified to CEH v8, ISO 27001:2013, 22301:2012, 20000-2011 LA, CCNA
     • Web pen testing, VAPT, network security, ISMS & BCMS implementation & maintenance, IT risk assessments & security auditing
  3. AGENDA
     • The Veil Framework
     • Veil-Evasion Genesis
     • Veil-Evasion Approach
     • Veil-Evasion Features
     • Demo
     • Veil-Catapult
     • Veil-Pillage
     • Veil-Ordinance
  4. THE VEIL FRAMEWORK
     • Created by Veris Group security researchers, i.e. Will Schroeder, Chris Truncer, Michael Wright
     • A toolset aiming to bridge the gap between pentesting and red teaming capabilities
       • Veil-Evasion: flagship tool, generates AV-evading executables
       • Veil-Catapult: initial payload delivery tool
       • Veil-PowerView: situational awareness with PowerShell
       • Veil-Pillage: fully-fledged post-exploitation framework
       • Veil-Ordinance: a tool that can be used to quickly generate valid stager shellcode
  5. VEIL-EVASION: GENESIS
     • Antivirus can’t catch malware but does catch pentesters
  6. SOLUTION
     • Security experts Will Schroeder, Chris Truncer and Michael Wright found a way to execute existing shellcode in an AV-evading way, i.e. Veil-Evasion
  7. VEIL-EVASION APPROACH
     • Veil-Evasion does its work by:
       • Using an aggregation of various shellcode injection techniques across multiple languages
       • Having a focus on automation, usability, and developing a true framework
       • Using some shellcodeless Meterpreter stagers and “auxiliary” modules as well
  8. VEIL-EVASION FEATURES
     • Can use either Metasploit-generated or custom-written shellcode
       • Metasploit Framework payloads/options are dynamically loaded
     • Third-party tools can be easily integrated
       • Hyperion, PE Scrambler, Backdoor Factory, etc.
     • Command line switches add in script-ability
     • Check payload hashes against VirusTotal
  9. VEIL-CATAPULT
     • A basic payload delivery tool
     • Tight integration with Veil-Evasion for on-the-fly payload generation; can upload/execute or host/execute
     • Cleanup scripts generated for payload killing and deletion
     • Now obsoleted with the release of Veil-Pillage
  10. VEIL-PILLAGE
     • A post-exploitation framework
     • Multiple trigger options (wmis, psexec, etc.)
     • Completely modular, making it easy to implement additional post-exploitation actions
     • Comprehensive logging and cleanup capabilities
  11. VEIL-ORDINANCE
     • Fast shellcode generation tool
     • 6 different payloads
       • Most commonly used payloads (rev_tcp, bind_tcp, rev_https, rev_http, rev_tcp_dns, rev_tcp_all_ports)
       • All payloads were ported from MSF
     • 1 current encoder
       • Single Byte Xor Encoder
  12. QUESTIONS???
     • Sukeshs.89@gmail.com
     • Twitter: @sukeshs89
     • Get the Veil-Framework:
       • GitHub: https://github.com/Veil-Framework/
       • Now in Kali! apt-get install veil
       • Read more: https://www.veil-framework.com
