Presentation Material

Abstract

Video’s for the talk are listed below

• Part 1
• Part 2

In this talk , we gonna cover offline exploitation ways . One of the way shows spawning the Dynamic Reverse Shell and the other one shows , how we can get victim data with using an email account of Gmail,yahoo etc. All the communication between the attacker and Victim is done using a stand alone email account.

One of the problem being an attacker we find that once we exploit the system, it is so tricky to get access every time when victim system is up (internet connected!) for further command execution, both victim and attacker should be online my mechanism works on different mechanism..in which if one is online No Problem At All!! so in this presentation i am gonna show how we can use gmail,yahoo mail services to gain control over remote system with my tool as a payload and backdoor and it is anonymous, so no reverse trace backs no need for complicated methods for accessing remote systems. It is a new type of method of Maintaining remote access so if we create the exe using C# or any language it can be used as a payload in metasploit exploitation framework.

AI Generated Summary^{may contain errors}

Here is a summarized version of the content:

The speaker is discussing a tool that allows users to execute commands on a target system without directly connecting to it. The tool uses an intermediate “zombie” deck and Gmail/Yahoo/Hotmail services to send and receive commands and data.

Here are some key features of the tool:

• Execute OS-level commands using email
• Get information about allocated IP addresses, system ratings, and anomalies
• Disable keylogging and SSL stripping
• Compatible with Gmail, Yahoo, and Hotmail

The mechanism works as follows:

1. The user sends an email to their own account with a subject line containing the command they want to execute.
2. The zombie deck receives the email and executes the command on the target system.
3. The result is sent back to the user’s email account.

The speaker highlights that this tool allows for stealthy execution of commands without leaving a trace, as it doesn’t require direct connection to the target system. Additionally, the use of Gmail/Yahoo/Hotmail services makes it difficult to trace the origin of the commands.

Overall, the tool appears to be designed for covert and flexible control over target systems, potentially for malicious purposes.