Published On Jun 14, 2023
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/
DolosJS is a NAC bypass tool that was designed to be cheap to build, easy to deploy, and extremely hard to detect. DolosJS runs on a NanoPi R2S, making it both small and cheap. The DolosJS software autoconfigures the NAC bypass, making it the perfect penetration testing drop box. Operators can simply plug it into the target network and walk away. The project also includes setup scripts to allow the DolosJS device to call home over cellular LTE networks, ensuring that command-and-control (C2) communications never traverse the target network’s perimeter. When remote access over LTE is not required, the project includes setup scripts to establish C2 over Ethernet, WiFi, or Zerotier/VPN.
Forrest Kasler is a full time Penetration Tester and Social Engineer. As a lifelong nerd and hacker, Forrest loves automating advanced network attacks for his team. He has authored multiple open-source tools for the penetration testing community to address common challenges in day-to-day operations. Key research topics include: NAC bypass, MFA bypass, advanced MitM attack vectors, advanced OSINT, SMTP weaknesses, distributed brute force attacks, offensive data mining, and malware development.
///Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: https://infosec.exchange/@blackhillsi...
LinkedIn: / antisyphon-training
Discord: / discord
///Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.mysh...
///Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/ser...
Penetration Testing: https://www.blackhillsinfosec.com/ser...
Incident Response: https://www.blackhillsinfosec.com/ser...
///Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/
///Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pa...
Live Training: https://www.antisyphontraining.com/co...
On Demand Training: https://www.antisyphontraining.com/on...
Antisyphon Discord: / discord
Antisyphon Mastadon: https://infosec.exchange/@Antisy_Trai...
///Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: / wildwesthackinfest
Antisyphon Training YouTube: / antisyphontraining
Active Countermeasures YouTube: / activecountermeasures
Threat Hunter Community Discord: / discord