Joe DeMesy

Sliver Me Timbers

Sliver is an open source adversary emulation/post-exploitation framework implemented in Golang and designed for red and blue teams.

This presentation will include stories of how our red team evades detection and inspire goals for blue teams to hunt for IOCs in creative ways. We will also go over the implementation details of Sliver’s HTTP and DNS C2 communications, and the challenges for attackers when implementing C2 over these protocols. We’ll also look at the various strategies employed by Sliver and other C2s to avoid network based detections.

We will also examine Sliver’s scripting interfaces and their utility to blue teams conducting automated endpoint control testing.

Joe DeMesy is a Principal at Bishop Fox. Joe is an expert in red teaming, secure development, proficient in several programming languages, and is a leading contributor to various open source projects. Joe is a noted expert in the field of information security, having been quoted in MarketWatch, NPR, InformationWeek, and Dark Reading. He has also presented his research at conferences such as BSidesLV, Kiwicon, BlackHat and private conferences hosted by the US Department of Defense.