Monthly Archives: July 2018

GhostPack was recently released by Will Shroeder.  This is a great package of C# offensive tools.  C# is a relatively untapped part of the offensive toolkit with some unique opportunities and challenges.  It is great because it gives you a great API that you can live off of, it is sometimes a challenge as different versions aren’t always consistently installed across different organizations.  In this post we are going to talk about applying a concept that I developed to one of these tools to reduce detection surface as much as possible.  The tool we are going to look at is SafetyKatz which wraps normal mimikatz in C# which in turn wraps some unmanaged code using a PELoader technique created by Casey Smith.  Essentially what this post boils down to is shrinking the on-disk footprint of SafetyKatz from about ~700KB to about 5KB and loading the rest over http or https using a technique I call .Net over .net.

Read Full Article