Vomiting Shells: Tracking the Splatter Patterns

THOTCON 0x6

Presented by: Ryan Linn
Date: Thursday May 14, 2015
Time: 15:00 - 15:50
Location: Track One

Penetration testers and attackers alike use tools without understanding the impact or what is left behind. This presentation will look at a variety of different methodologies for delivering shells and then track the artifacts that are left behind. For attackers, we will be discussing some additional ways to limit your footprint. For defenders, we will highlight common areas for review and show patterns for a number of the most common ways of achieving shells. Along the way we will highlight the IOCs that will help defenders more easily identify the tools and methodologies used for attacks, as well as ways to limit their impact.

Ryan Linn

Ryan has more than 15 years of experience in Information Security. He has worked as a Technical Team Leader, Database Administrator, Windows and UNIX Systems administrator, Network Engineer, Web Application developer, Systems programmer, Information Security Engineer, and is currently a Principal Consultant at Nuix.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats