For the third time, ERPScan experts gave a talk at CONFidence. The conference was held on May 24-25 in Cracow, Poland. This presentation at the international conference was an anniversary for ERPScan: its tenth in 2010-2011. CONFidence has long had a reputation as one of the leading IT events in Europe because it gathers the best speakers from all over the world. This year, experts such as Travis Goodspeed, Chris Valasek, Raoul Chiesa and Felix Lindner gave talks there. ERPScan's lead researcher, Alexey Sintsov, talked about his experience of conducting penetration tests when there is no connection with the attacked workstation and, consequently, with the attacker. Alexey spoke about the DNS reverse tunnel that he uses for penetration tests. Finally, he published his own reverse DNS shellcode and payload, written specifically for pentest tasks. He also demonstrated how a malware C&C and bot can work together.
An expert who conducts a pentest has to show not only the possibility of an attack, but he also has to explain that the protection used (antivirus, firewall, etc.) is not a panacea. That was the subject of our presentation, where we demonstrated the possibility of remote control of a workstation using a local DNS server when the workstation is separated from the Internet.
— said Alexey Sintsov, the lead researcher of the ERPScan research group.