
SANSFIRE 2024: SANS@Mic - Implant, Phone Home

  • Thu, Jul 18, 2024
  • 7:15PM - 8:15PM UTC
  • English
  • Jonathan Reiter
  • Technical Presentation

This presentation delves into the strategic utilization of Windows HTTP libraries, WinInet and WinHTTP, for developing red team malware tools. Starting with an overview of these libraries, we highlight their pivotal roles in Windows networked applications, particularly in covert operations and data exfiltration scenarios.

The WinInet API, primarily client-focused, and the server-optimized WinHTTP API are examined for their applicability in maintaining stealthy communications with command and control servers. A practical beaconing example in C++ will demonstrate each library's functionality in simulated red team scenarios. The session concludes with a case study on certificate pinning, essential for bypassing network security measures and enhancing the stealthiness of malware communications.

Attendees will leave with a comprehensive understanding of how to choose and implement the right HTTP library to bolster the effectiveness and discretion of their malware initiatives.

Meet the speaker

Jonathan Reiter

Jonathan is an officer in the Maryland Air National Guard serving as a cyberspace capabilities developer. With expertise in Windows implant development and kernel research, he brings practical defensive and offensive cybersecurity experience to SANS.
