44CON2022

During Purple and sometimes even Red Team engagements, in order to provide more value for your client it is critical to execute as many techniques as possible without relying solely on a SOCKS proxy. This also allows to evaluate the EDR and AV technologies the client relies on while also making the point that detection is more important than prevention. With all the open sourced offensive security tooling being fingerprinted to infinity and beyond, how can we achieve our goal without rewriting all of them from scratch?

This is how Codecepticon was born, an offensive security obfuscator that works with C#, PowerShell, and VBA (macros) – and no, this one isn’t a python script that runs “replace” a bunch of times.

This presentation will introduce you to the process and technologies used to develop Codecepticon, and how effective it is against modern EDR and AV technologies while being battle-tested for the last 1.5 year. And the cherry on top, it’s open sourced!