When writing malware, oftentimes we need a bit more flexibility (i.e. sneakiness) than the victim's "normal" network stack provides us. Enter libpcap. Aside from powering tcpdump, it enables us to send and receive all sorts of strange (and hopefully invisible) network traffic we can use on the offensive side of things.

In this talk we'll first take a broad look at what libpcap is and what it can do for us, then we'll explore how to use it to do devious things like circumvent host-based firewalls, grab interesting info off the wire, ask system processes call us back with shells, and keep pesky EDR connections from happening. Source code for all of the techniques discussed in the talk will be made available.

Stuart McMurray (Red Team Operator and Developer at IronNet)
Stuart is a Red Teamer at IronNet, where he focuses on tool development, Unix, and general Swiss Army knifery. He's been on the offensive side of public and private sector security for six years, during which time he's been an operator and trainer and developed a small arsenal of public and private offensive tools. Stuart's been a speaker at BSides and CarolinaCon and has red teamed for Quantum Dawn and the Collegiate Cyber Defense Competition.