Every once in a while there is a discussion regarding the existence of Offensive Security Tooling (OST). Most of these tools are written with educational or red teaming intent, but they are also abused; let's address that and detect them!
I'll introduce Offensive Security Tooling, some of its history, and some examples of tools being used with malicious intent. These tools have fueled discussions for years about whether they should exist at all, since the bad guys are able to use them as well. On the other side is the more mature detection community, which truly benefits from the research put into these tools and uses it to raise its maturity against these often sophisticated attacks.
While this discussion is sometimes tiring and often valuable, things won't change soon, so let's take a constructive and pragmatic approach.
During this talk I'll present the most prevalent tools being used by malicious actors.
Next, I'll present how I researched them in order to detect them; this follows the flow I use in my detection engineering methodology.
After the talk I will release an open source repository of detection logic that any organization should be able to implement, along with the required documentation and potential mitigations.