For the third time, ERPScan experts gave a talk at the CONFidence conference, which was held on May 24-25 in Cracow, Poland. This presentation at the international conference was a jubilee one for ERPScan: the tenth in 2010-2011. CONFidence has long had a reputation as one of the leading IT events in Europe, gathering the best speakers from all over the world. Experts such as Travis Goodspeed, Chris Valasek, Raoul Chiesa, and Felix Lindner gave talks there this year.

Alexey Sintsov, the lead researcher of ERPScan, talked about his experience in penetration testing aimed at determining whether there was any connection with the attacked workstation and, consequently, with the attacker. Alexey spoke about the DNS reverse tunnel that he uses for penetration tests. Finally, he published his own reverse DNS shellcode and payload, which were written especially for pentest tasks. He also demonstrated how a malware C&C and bot could work together.
"The expert who conducts a pentest has not only to show the possibility of attacks but also to explain that the applied protection (antivirus, firewall, etc.) is not a panacea. It was the subject of our presentation, where we demonstrated the possibility of remote control of a workstation using a local DNS server when the workstation was separated from the Internet."
— said Alexey Sintsov, the lead researcher of the ERPScan research group.