[Black Hat Asia 2020] Paula and Mike’s Arsenal on the CQOffensiveSecurity Toolkit

Another great Black Hat event is now behind us, so catch this summary from the CQURE Academy perspective! 

During the Arsenal sessions, cybersecurity experts from all over the world present the latest open-source tools, so our team couldn’t be missing from the line-up. 

October 1-2, Paula Januszkiewicz and Mike Jankowski-Lorek gave talk about CQOffensiveSecurity: The Extreme Windows Offensive Security Toolkitas part of the Exploitation and Ethical Hacking track. 

 

CQOffensiveSecurity Toolkit  

This tool enables you to perform advanced Windows Infrastructure Penetration Testing.  

It guides you through the process of gathering intel about the network, workstations, and servers. Additionally, it contains common techniques for privilege escalation, antimalware avoidance and bypass, credential harvesting, and lateral movement.  

CQOffensiveSecurity also allows for the decrypting of RSA keys and EFS protected files, as well as blobs and objects protected by DPAPI and DPAPI-NG. 

This toolkit is commonly used among CQURE Experts and pentesters on daily basis, together with other tools such as CQRepacker, CQSecretDumper, CQLsasSecretDumper, CQCredentialHarvester, CQSystemEscalator, CQTcbImpersonateCQSqlTDEdecrypter, and many more.  

During the Arsenal session, Paula and Mike announced brand-new tools for escalation and lateral movement for PKI and ADFS, as well as for disabling Azure Information Protection to search through encrypted and protected files at your ease  

Find the presentation slides HERE 

Download the tools HERE 

If you have any questions please leave a comment below or drop us a message via our contact form. 

And if you’d like to get more knowledge on this topic, we are announcing the comeback of the 30-Day Windows Security Crash Course! 

It will arm you with 30 cybersecurity skills in just 30 days via a daily dose of 30-min video lessons, exercises, and tools. Learn 30 skills that are relevant now.

About Black Hat 

Like most of the conferences in 2020, this edition of Black Hat Asia was held as a virtual event. 

For more than 20 years, Black Hat has been inspiring professionals at all career levels and encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. 

During the event, you have a chance to participate in training classes, Arsenal Sessions, Briefings, and Review Boards. 

For more information about the event, visit the website.  

 

Join cybersecurity experts for a FREE live webinar on October 15 to learn six techniques you can use to make life miserable for cyber-criminals in the year to come. This practical session will feature fun challenges, cool presenters, and a Q&A, so get your questions ready for the mystery experts. SIGN UP HERE.

Comments