Antivirus / EDR bypasses for post-exploitation

Project overview:

  • Goal: Research and implement different methods for generating post-exploitation tools that are not detected by AV/EDR
  • Location: Amsterdam / Eindhoven (Preferred)
  • Timeframe: 3-6 months
  • Starting: As soon as possible
  • Complexity: High
  • Team: Security Specialists
  • Supervisor: TBA

As a student, you have:

Education:

  • An HBO or WO level of education in the relevant domain.


Technical skills:

  • Proven experience with development in C;
  • Proven experience with development in Python;
  • Proven experience with evading exploit mitigations;
  • Experience with Cobalt Strike is a plus;
  • Experience with (basic) exploit development is a plus.


Soft skills:

  • The ability to work well in an international team environment;
  • Good communication skills;
  • Organised;
  • Clear documentation writing skills.


The project you will be working on:

Secura performs real-world attack simulations known as Red Teaming. The objective of these simulations is to emulate the tools, techniques and procedures of known Advanced Persistent Threats (APTs) in order to test an organisation's cyber resilience capabilities. One of the components in an APT's attack chain is the deployment of post-exploitation tools that enable lateral movement and privilege escalation in the target network.

However, modern AV and EDR products are increasingly effective at blocking this type of software from running on endpoints.

The focus of this project is on using the Cobalt Strike framework to generate payloads aimed at Windows environments.

As an intern, you will be tasked with the following:

- Acquire an understanding of the project and the technologies used;

- Study the background of the topic so you can build on existing techniques;

- Research which methods used in the real world still work on up-to-date systems, and what their limitations are;

- Interview Red Team members and create an inventory of the tools and techniques that are regularly used during the post-exploitation phase of Red Teaming assessments;

- Research Cobalt Strike's Beacon Object Files (BOFs) and consider which tools/techniques would make sense to implement as a BOF;

- For other tools, determine together with the Red Team which tools should be modified so that they evade detection by AV/EDR software;

- Test under which circumstances these post-exploitation tools can be deployed successfully;

- Thoroughly document the process and results;

- Take operational security (OPSEC) into account: how to stay undetected, and how to avoid leaking information when the Blue Team does detect activity.

Important:

Note that you may not be able to publish specific techniques developed during this internship, as doing so could render them ineffective.

Contact us

We would like to receive your CV and motivation letter by e-mail at jobs@secura.com.
