THE VEIL FRAMEWORK
SUKESH SHETTY
WHO AM I?
• Working with NII Consulting as a Senior Consultant
• Certified in CEH v8, ISO 27001:2013, 22301:2012, 20000-2011 LA, CCNA
• Web pen testing, VAPT, network security, ISMS & BCMS implementation & maintenance, IT risk assessments & security auditing
AGENDA
• The Veil Framework
• Veil-Evasion
  - Genesis
  - Veil-Evasion Approach
  - Veil-Evasion Features
  - Demo
• Veil-Catapult
• Veil-Pillage
• Veil-Ordnance
THE VEIL FRAMEWORK
• Created by Veris Group security researchers Will Schroeder, Chris Truncer, and Michael Wright
• A toolset aiming to bridge the gap between pentesting and red teaming capabilities
  - Veil-Evasion: flagship tool, generates AV-evading executables
  - Veil-Catapult: initial payload delivery tool
  - Veil-PowerView: situational awareness with PowerShell
  - Veil-Pillage: fully-fledged post-exploitation framework
  - Veil-Ordnance: a tool that can be used to quickly generate valid stager shellcode
VEIL-EVASION: GENESIS
• Antivirus can’t catch malware but does catch pentesters
SOLUTION
• Security experts Will Schroeder, Chris Truncer, and Michael Wright found a way to execute existing shellcode in an AV-evading way, i.e. Veil-Evasion
VEIL-EVASION APPROACH
• Veil-Evasion does its work by:
  - Using an aggregation of various shellcode injection techniques across multiple languages
  - Having a focus on automation, usability, and developing a true framework
  - Using some shellcodeless Meterpreter stagers and “auxiliary” modules as well
VEIL-EVASION FEATURES
• Can use either Metasploit-generated or custom-written shellcode
  - Metasploit Framework payloads/options are dynamically loaded
• Third-party tools can be easily integrated
  - Hyperion, PE Scrambler, Backdoor Factory, etc.
• Command line switches add in script-ability
• Check payload hashes against VirusTotal
VEIL-CATAPULT
• A basic payload delivery tool
• Tight integration with Veil-Evasion for on-the-fly payload generation, can upload/execute or host/execute
• Cleanup scripts generated for payload killing and deletion
• Now obsoleted with the release of Veil-Pillage
VEIL-PILLAGE
• A post-exploitation framework
• Multiple trigger options (wmis, psexec, etc.)
• Completely modular, making it easy to implement additional post-exploitation actions
• Comprehensive logging and cleanup capabilities
VEIL-ORDNANCE
• Fast shellcode generation tool
• 6 different payloads
  - Most commonly used payloads (rev_tcp, bind_tcp, rev_https, rev_http, rev_tcp_dns, rev_tcp_all_ports)
  - All payloads were ported from MSF
• 1 current encoder
  - Single Byte Xor Encoder
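From the defender's side, a single-byte XOR encoder leaves only 256 possible keys, so encoded content can be searched for known strings under every key. The scanner below is an added example, not part of the original deck or of the Veil project; the marker strings and the sample blob are constructed for illustration.

```python
"""Added example: recover a single-byte XOR key by searching for known markers."""

# Hypothetical indicator strings a defender might expect in decoded content.
MARKERS = (b"ws2_32", b"VirtualAlloc", b"http://")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a one-byte key (0-255)."""
    table = bytes(b ^ key for b in range(256))
    return data.translate(table)


def find_xor_markers(blob: bytes, markers=MARKERS):
    """Return [(key, marker, offset)] for every key that exposes a marker.

    Key 0 is included on purpose: it reports markers present in the clear.
    Searching for the XOR-ed marker avoids decoding the blob 256 times.
    """
    hits = []
    for key in range(256):
        for marker in markers:
            needle = xor_bytes(marker, key)
            offset = blob.find(needle)
            while offset != -1:
                hits.append((key, marker, offset))
                offset = blob.find(needle, offset + 1)
    return hits


def build_sample() -> bytes:
    """Constructed sample: benign text XOR-ed with 0x5A between filler bytes."""
    plain = b"constructed sample: load ws2_32 then call VirtualAlloc"
    return bytes(range(0x10, 0x20)) + xor_bytes(plain, 0x5A) + b"\x00" * 8


if __name__ == "__main__":
    sample = build_sample()
    found = find_xor_markers(sample)
    for key, marker, offset in found:
        print(f"key=0x{key:02x} marker={marker!r} offset={offset}")
    # Decode the embedded region with the recovered key to confirm the hit.
    print(xor_bytes(sample, found[0][0])[16:-8].decode())
```

Two or more markers agreeing on the same key is a much stronger signal than a single hit, which can occur by chance in large binaries.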
QUESTIONS???
• Sukeshs.89@gmail.com
• Twitter: @sukeshs89
• Get the Veil-Framework:
  - GitHub: https://github.com/Veil-Framework/
  - Now in Kali! apt-get install veil
  - Read more: https://www.veil-framework.com
