THE ART OF PERSISTENCE:
LURKING BEHIND THE BROWSER
Samuel Pua, MWR InfoSecurity
Enterprise environments have never been more closely monitored, forcing adversaries — real and simulated alike — to focus on novel approaches to evade detection. Blue team capabilities are ever-improving and increasingly focused on expunging adversaries from their networks before they realise their objective, moving attention up the kill-chain.
This talk will explore one of the persistence mechanisms MWR developed while breaking into enterprise networks in Singapore and Hong Kong.
Internet Explorer, ubiquitous in enterprise environments, presents interesting opportunities for adversaries in the form of a reliable, quiet, and adaptive persistence mechanism. In this talk, you'll learn how we use native Internet Explorer functionality within Browser Helper Objects to maintain access to an environment. To realise this, various built-in protection mechanisms were studied and evaded, resulting in our development of new techniques to fully weaponise this approach.
By the end of the talk, red teamers will learn to leverage the readily available browser in the corporate environment as a persistence technique. Blue teams benefit too, as they will be able to defend against it by understanding the technique's process and the artefacts it leaves behind.