Project overview:

  • Goal: Develop a comprehensive CI/CD pipeline that will automate the process of compiling and packing payloads for use in internal penetration testing. The pipeline will create custom versions of popular tools, ensuring they are packed and obfuscated in a way that allows them to bypass common antivirus and EDR solutions.
  • Location: Amsterdam
  • Timeframe: TBD
  • Starting: TBA
  • Complexity: Medium-high
  • Team: Red Teaming
  • Supervisor: Michel Klomp and/or George Damiris

As a student, you have:

Education:

  • Currently pursuing a degree in Cybersecurity, Computer Science, Software Engineering, or a related field.

Soft skills:

  • Ability to work independently and as part of a team.
  • Strong problem-solving skills.
  • Good communication, self-organization, and clear documentation writing skills.

Technical skills:

  • Familiarity with CI/CD tools and pipelines (e.g., GitLab CI/CD).
  • Experience with programming/scripting languages (Python, Bash, PowerShell, C#).
  • Understanding of penetration testing tools and frameworks (e.g., Metasploit and Cobalt Strike).
  • Knowledge of software packaging and obfuscation techniques.
  • Familiarity with Docker and containerization tools.

The project you will be working on:

As an intern, you will play a pivotal role in designing and implementing a CI/CD pipeline that automates the creation of obfuscated (.NET) tools and payloads for internal penetration testing. Your responsibilities will include:

  1. Research and Planning:

    - Conduct research on existing CI/CD pipelines and identify tools suitable for automating the compilation and packing process.
    - Analyze different software obfuscation and packing techniques to understand their effectiveness in evading antivirus and EDR detection.
    - Focus specifically on existing .NET tools like Rubeus, Certify, SharpHound, SharpShares, SharpPersist and Seatbelt, plus Chisel (itself a Go tool, which is usually embedded in .NET tooling through a wrapper such as SharpChisel).
    - Explore in-process loaders and code injection techniques (e.g., early-bird APC queue code injection).
    - Research common static detection methods used by EDRs and develop strategies to bypass them.
    - Create a project plan outlining key milestones, deliverables, and timelines.

  2. Pipeline Design and Architecture:

    - Design a modular and scalable architecture for the CI/CD pipeline.
    - Ensure the pipeline can handle the continuous integration and delivery of various payloads, with version control and testing capabilities.
    - Incorporate a mechanism to replace identifying values (assembly and namespace names, default strings, author banners) in source fetched from GitHub repositories before compilation, and to apply obfuscation to the result.
    - Leverage Docker and containerization tools to standardize the build and testing environments.

  3. Development of the Pipeline:

    - Implement scripts for automating the build, obfuscation, and packaging processes.
    - Write custom scripts to automate payload compilation, leveraging languages like Python, Bash, or PowerShell.
    - Integrate existing .NET tools into the pipeline, ensuring compatibility and flexibility.
    - Provide input support for GitHub repositories to fetch .NET tools, replacing identifying values and applying obfuscation.
    - Allow for input of raw binaries or shellcode produced by C2 frameworks like Metasploit and Cobalt Strike.

  4. Obfuscation and Packing Implementation:

    - Apply advanced software packing and obfuscation techniques to create payloads that evade the antivirus and EDR products tested against.
    - Develop custom obfuscation strategies or modify existing open-source solutions to evade common antivirus and EDR solutions.
    - Encrypt embedded payloads at rest so they are only decrypted in memory at runtime, adding confidentiality on top of obfuscation.

  5. Integration and Testing:

    - Create automated test cases for the pipeline, ensuring payloads are correctly compiled, packed, and delivered.
    - Test packed payloads against a range of antivirus and EDR solutions in an isolated lab with cloud sample submission disabled (so test artifacts are not uploaded to vendors), iterating on the obfuscation process to improve evasion rates.
    - Simulate different detection environments to understand various EDR/antivirus configurations.
    - Collect and analyze test results, providing insights into the pipeline's effectiveness.
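The "replace identifying values" step from section 3 and the automated check from section 5, as an added stand-alone example. This is illustrative code written for this page, not the pipeline's or any tool's own code. It assumes the fetched .NET project is available as a file tree, uses a constructed two-file sample project in place of a real repository, and the names SampleTool, SvcHost42 and example-author are hypothetical; only the Python standard library is used.

```python
"""Added example (not from the original page): the identifier-rewrite step of
the pipeline plus the automated check that nothing identifying survived.
Standard library only. SampleTool / SvcHost42 / example-author are hypothetical."""
import hashlib
import re
from pathlib import Path
from tempfile import TemporaryDirectory

# File types whose contents are rewritten; binaries and resources are left alone.
TEXT_SUFFIXES = {".cs", ".csproj", ".sln", ".resx", ".config", ".props", ".targets"}

# Constructed sample project, standing in for a tool fetched from GitHub.
SAMPLE_TREE = {
    "SampleTool/SampleTool.csproj": (
        '<Project Sdk="Microsoft.NET.Sdk">\n'
        "  <PropertyGroup>\n"
        "    <AssemblyName>SampleTool</AssemblyName>\n"
        "    <RootNamespace>SampleTool</RootNamespace>\n"
        "  </PropertyGroup>\n"
        "</Project>\n"
    ),
    "SampleTool/Program.cs": (
        "namespace SampleTool\n"
        "{\n"
        "    class Program\n"
        "    {\n"
        '        static void Main() { System.Console.WriteLine("SampleTool v1.0 by example-author"); }\n'
        "    }\n"
        "}\n"
    ),
}

# Identifying value -> replacement. An empty replacement deletes the token.
RENAMES = {
    "SampleTool": "SvcHost42",   # assembly, namespace, folder and file names
    "example-author": "",        # author tag baked into a banner string
}


def _pattern(token):
    """Identifier-like tokens get word boundaries so 'SampleTools' is not half-rewritten."""
    escaped = re.escape(token)
    return re.compile(rf"\b{escaped}\b" if re.fullmatch(r"\w+", token) else escaped)


def materialise(tree, root):
    """Write a {relative path: text} mapping to disk under root."""
    for rel, content in tree.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content, encoding="utf-8")


def rewrite_tree(root, renames):
    """Rewrite file contents, then file and directory names. Returns content hit counts."""
    counts = {token: 0 for token in renames}
    ordered = sorted(renames, key=len, reverse=True)  # longest token first
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8")
        for token in ordered:
            text, n = _pattern(token).subn(lambda _m, r=renames[token]: r, text)
            counts[token] += n
        path.write_text(text, encoding="utf-8")
    # Rename deepest paths first so parent directories stay valid while children move.
    for path in sorted(root.rglob("*"), key=lambda p: len(p.parts), reverse=True):
        new_name = path.name
        for token in ordered:
            new_name = new_name.replace(token, renames[token])
        if new_name and new_name != path.name:
            path.rename(path.with_name(new_name))
    return counts


def verify_scrubbed(root, tokens):
    """Automated test case: plain-substring search (stricter than the rewrite) over
    names and contents; any hit is a finding that should fail the pipeline job."""
    leftovers = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        for token in tokens:
            if token in path.name:
                leftovers.append(f"{rel}: name contains {token!r}")
        if path.is_file() and path.suffix.lower() in TEXT_SUFFIXES:
            for lineno, line in enumerate(path.read_text(encoding="utf-8").splitlines(), 1):
                for token in tokens:
                    if token in line:
                        leftovers.append(f"{rel}:{lineno}: {token!r}")
    return leftovers


def build_manifest(root, version):
    """Per-file and whole-tree SHA-256 so a build can be tied to a version and reproduced."""
    files = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        files[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    tree_hash = hashlib.sha256("".join(f"{k}\0{v}\n" for k, v in files.items()).encode()).hexdigest()
    return {"version": version, "tree_sha256": tree_hash, "files": files}


def run_rewrite_step(tree, renames, version="0.0.0-example"):
    """Materialise, rewrite, verify and fingerprint a tree; returns everything a CI job needs."""
    with TemporaryDirectory() as tmp:
        root = Path(tmp)
        materialise(tree, root)
        counts = rewrite_tree(root, renames)
        leftovers = verify_scrubbed(root, list(renames))
        manifest = build_manifest(root, version)
        files = {rel: (root / rel).read_text(encoding="utf-8") for rel in manifest["files"]}
    return {"counts": counts, "leftovers": leftovers, "manifest": manifest, "files": files}


if __name__ == "__main__":
    result = run_rewrite_step(SAMPLE_TREE, RENAMES)
    print(result["counts"], result["manifest"]["tree_sha256"][:16])
    if result["leftovers"]:
        raise SystemExit("identifying values survived: " + "; ".join(result["leftovers"]))
```

In a GitLab job this runs between the fetch stage and the dotnet build stage: a non-empty `leftovers` list fails the job, and the manifest's tree hash is what the version control and testing stages key on. The check is deliberately stricter than the rewrite (substring rather than word-boundary) so near-misses such as `SampleTools` surface for a human decision instead of slipping into a compiled artifact.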

  6. Documentation and Recommendations:

    - Document the pipeline's architecture, setup, and usage guidelines.
    - Write comprehensive user and developer documentation for the pipeline.
    - Provide recommendations for future improvements, scalability, and potential integration of new tools.

  7. Knowledge Sharing:

    - Collaborate with the internal penetration testing team to refine pipeline requirements and gather feedback.
    - Conduct knowledge-sharing sessions with the team to ensure smooth adoption of the pipeline.
    - Create an internal knowledge base to support future enhancements and usage.

Meet our recruitment team:

  • Eefke Ruisbroek, Recruiter
  • Sara Busscher, Recruiter
  • Stan de Jong, Recruiter