Payload Generation using SharpShooter
Getting a foothold is often one of the most complex and time-consuming aspects of an adversary simulation. We typically find much of our effort is spent creating and testing payloads against various OS versions/architectures and against the most commonly used EDR (Endpoint Detection and Response), anti-virus and sandboxing solutions. Many of these solutions have become more focused and aware of PowerShell, as such we’ve naturally moved away from PowerShell to research other techniques for getting into memory and evading endpoint defences. This led to the development of an in-house payload generation framework we named SharpShooter. After using this framework with great success across a number of engagements, we have opted to release the tool.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s