1
00:00:01,620 --> 00:00:07,020
To compromise the victim systems, we prepared some malicious software and forced the victim to run

2
00:00:07,020 --> 00:00:13,820
the malware into their systems so we can open a back door or steal some data or gain a session, et

3
00:00:13,830 --> 00:00:14,270
cetera.

4
00:00:16,970 --> 00:00:22,400
Before talking about the custom payload creation, we need to see a few terms to make the subject

5
00:00:22,400 --> 00:00:22,940
clearer.

6
00:00:24,100 --> 00:00:29,830
Most likely, you already know the terms we'll talk about in this slide. If so, just jump to the next

7
00:00:29,830 --> 00:00:30,060
one.

8
00:00:31,180 --> 00:00:35,560
Malware, it's a short form of the term malicious software.

9
00:00:35,740 --> 00:00:39,280
It's a kind of software that's used to compromise the computer systems.

10
00:00:40,320 --> 00:00:46,230
It's an umbrella term used to refer to a variety of forms of hostile or intrusive software, including

11
00:00:46,620 --> 00:00:58,320
computer viruses, worms, Trojans, ransomware, spyware, adware, scareware and other malicious programs.

12
00:00:59,200 --> 00:01:06,310
It can take the form of executable code, scripts, active content and other software.

13
00:01:08,080 --> 00:01:16,630
Payload inside malware is the portion of the malware which performs malicious action. Metasploit Framework

14
00:01:16,630 --> 00:01:23,990
is one of the most known terms in the cyber security domain. As the open source sub-project of the Metasploit

15
00:01:24,010 --> 00:01:30,820
Project, Metasploit Framework is a tool for developing and executing exploit code against the target

16
00:01:30,820 --> 00:01:31,320
machine.

17
00:01:32,940 --> 00:01:39,270
Even though they're deprecated and removed from Metasploit Framework, I'd like to talk about msfpayload

18
00:01:39,390 --> 00:01:47,940
and msfencode first. They're deprecated because their abilities are collected into a single tool,

19
00:01:47,940 --> 00:01:48,510
msfvenom.

20
00:01:49,110 --> 00:01:56,220
To understand what msfvenom does, it's better to talk about msfpayload and msfencode first.

21
00:01:57,660 --> 00:02:03,780
msfpayload was a command line tool that's used to generate and output all the various types of

22
00:02:03,780 --> 00:02:11,220
shellcode that are available in Metasploit. Using msfpayload, you can create an executable file, as well

23
00:02:11,220 --> 00:02:16,440
as creating a payload to embed the file. The parameters displayed in the slide

24
00:02:16,650 --> 00:02:20,160
give us some more about what msfpayload does.

25
00:02:21,560 --> 00:02:28,760
Most of the time, one cannot simply use shellcode generated straight out of msfpayload. It needs to

26
00:02:28,760 --> 00:02:32,180
be encoded to suit the target in order to function properly.

27
00:02:32,600 --> 00:02:40,250
This can mean transforming your shellcode into pure alphanumeric, getting rid of bad characters or

28
00:02:40,250 --> 00:02:42,620
encoding it for a 64-bit target.

29
00:02:43,400 --> 00:02:49,970
It can also be instructed to encode shellcode multiple times, output the shellcode in numerous formats,

30
00:02:49,970 --> 00:02:56,860
C, Perl, Ruby, and one can even merge it to an existing executable file.

31
00:02:57,410 --> 00:03:02,270
So most of the time this tool was used in conjunction with msfpayload.

32
00:03:02,990 --> 00:03:07,910
msfvenom is the Metasploit standalone payload generator.

33
00:03:08,330 --> 00:03:15,100
It's the combination of msfpayload and msfencode, putting both of these tools into a single framework

34
00:03:15,110 --> 00:03:15,740
instance.

35
00:03:16,100 --> 00:03:21,170
That means msfvenom is a combination of payload generation and encoding.

36
00:03:21,950 --> 00:03:27,440
You can do everything that you can do with msfpayload and msfencode.

37
00:03:28,130 --> 00:03:35,690
You can generate a payload, encode the payload, avoid the bad characters, use a custom template and

38
00:03:35,690 --> 00:03:36,140
more.