Security BSides London, the UK’s biggest community-driven infosec conference, is happy to announce its 8th iteration, open to all regardless of background, skill level, income or job title.
  • Doors to the main event open at 8.30am with talks starting at 9am on 5 June 2019
  • Workshops will be held on 4 June 2018 starting at 10am; pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here
Wednesday, June 5 • 16:00 - 16:45
Offensive pcap

When writing malware, oftentimes we need a bit more flexibility (i.e. sneakiness) than the victim's "normal" network stack provides us. Perhaps we'd like to not worry about our source address being identified or maybe we'd appreciate not having to fiddle with host-based firewalls. Enter libpcap. Aside from powering tcpdump, it enables us to send and receive all sorts of strange (and hopefully invisible) network traffic we can use on the offensive side of things.

In this talk we'll first take a broad look at what libpcap is and what it can do for us, then we'll explore how to use it to do devious things like circumvent host-based firewalls, grab interesting info off the wire, ask system processes to call us back with shells, and keep pesky EDR connections from happening. Source code for all of the techniques discussed in the talk will be made available.


Stuart McMurray

Red Team, IronNet Cybersecurity
Stuart is a Red Teamer at IronNet Cybersecurity, where he focuses on development, Unix, and general Swiss Army knifery. He's been on the offensive side of security for six years, living off the land since before it was cool, and connecting between boxes in strange ways for the better...

Wednesday June 5, 2019 16:00 - 16:45 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD