M. Samy, IOActive Security Consultant, will be presenting ‘Project C-Shell’ at the Black Hat MEA Arsenal, Call for Tools.
In his presentation, Mohamed introduces a unique Stager/Agent infrastructure that he has developed, integrating traditional methods with advanced AI and Blockchain technologies. The system operates across platforms and architectures and is designed to circumvent antivirus products and Endpoint Detection and Response (EDR) systems. It achieves this through the dynamic and interactive execution of custom C# code, generated by GPT-4 based on user-provided prompts, using an execution engine called the “Kernel”.
The Stager/Agent’s remote control mechanism, facilitated by a Web3 (Blockchain SmartContract) Command & Control (C&C) backend, provides multiple layers of anonymity, immutability, and resilience. This approach leverages the inherent properties of Ethereum SmartContracts, making the system robust and resistant to censorship. Practical applications of this infrastructure range from remote control and management of servers and client operating systems, for applying and monitoring security controls, to serving as a post-exploitation stager payload for red-teaming exercises, providing ethical hackers with remote code execution capabilities.
The Arsenal session aims to provide a comprehensive understanding of this tool and its applications, demonstrating the transformative potential of integrating AI and Blockchain technologies in cybersecurity practices. It also aims to give attendees insights into the design and implementation of this infrastructure and to explore the potential of Web3, Blockchain, and GPT-4 code generation in the cybersecurity domain.