44CON2022 has ended
Friday, September 16 • 11:30am - 12:30pm
Pavel Tsakalidis - Codecepticon - Building an obfuscator to bypass Modern EDR and AV


During Purple and sometimes even Red Team engagements, in order to provide more value for your client, it is critical to execute as many techniques as possible without relying solely on a SOCKS proxy. This also allows you to evaluate the EDR and AV technologies the client relies on, while also making the point that detection is more important than prevention. With all the open sourced offensive security tooling being fingerprinted to infinity and beyond, how can we achieve our goal without rewriting all of them from scratch?

This is how Codecepticon was born, an offensive security obfuscator that works with C#, PowerShell, and VBA (macros) – and no, this one isn’t a Python script that runs “replace” a bunch of times.

This presentation will introduce you to the process and technologies used to develop Codecepticon, and how effective it is against modern EDR and AV technologies, having been battle-tested for the last 1.5 years. And the cherry on top, it’s open sourced!


Pavel Tsakalidis

Pavel is a Security Delivery Manager for Accenture Security based in London, UK. He has more than 16 years of experience in the industry, 10 in software/web development and the last 6 in cyber security. He has developed and open sourced tools such as CrackerJack – a Hashcat Web...

Friday September 16, 2022 11:30am - 12:30pm BST
*Track 1*