About The Tool

vulncon2024@vulncon:~
speaker
Soumyanil Biswas
Security Researcher
vulncon
vulncon2024@vulncon-[~]
cat ~/tool-name
DarkWidow: Dropper/PostExploitation Tool targeting Windows
vulncon
vulncon2024@vulncon-[~]
cat ~/tool-abstract

DarkWidow is a customizable dropper tool targeting a EDR enabled windows environment. It has various EDR evasive functionalities built into it which would help Red Teamers to get an initial access into a EDR enabled windows target. It uses indirect system call implementation along with powerful APC Early Bird to CUT OFF telemetry Catching by EDR. Malware protecting configurations so that EDR can't really inject its EDR dll into our dropper malware. PPID spoofing is there to hide under the radar of detection of malicious parent-child process relationship. Dynamic resolving of cursed NTApi and dll indirectly from TIB (not the normal approach of availing from PEB) and also not to mention the NTApis and Dll's are hashed. Lastly, it would have synthetic frame thread stack spoofing (active spoofing) enabled into it in order to evade ETWTi telemetry catching. Also this tool is highly customizable due to it's built in code structure.

vulncon
vulncon2024@vulncon-[~]
cat ~/speaker-bio

Currently into Security Research. Though he has an electronics background, he has an immense interest in information security. Black Hat Asia 2024 Presenter. Former Speaker at BSides Singapore 2023. Also got an invitation as a speaker from BSides St. Pete (Florida) 2023, BSides Prishtina (Kosovo) 2023/2024 and Hackmiami Conference XI 2024.

He is learning new stuff day in and day out. He is passionate about offensive security more than defensive. He has played CTFs, solved 100+ rooms in TryHackMe till now. He has CRTP. Nowadays, he spends most of the time building scripts/open source malware dev evasion based projects, digging deep into windows system internals, building scripts on On-prem and Cloud-based (like, AWS) Attack Vectors.