Suman Kumar Chakraborty
Security Researcher
Zeron
Suman is a Security Researcher at Zeron. Author of CVE-2024-39904 & 4 IEEE papers. His C2 “GodGenesis” was among Offensive Security’s Top 7 Tools of 2023. Passionate about red teaming & tradecraft development.
Speaker sessions
VSXPLOIT : Weaponizing Remote Dev Tunnels for Red Team Operations
This talk presents VSXPloit, the first publicly available framework that:- Automates Remote Tunnel exploitation, eliminating the need for manual setup and reverse connection via other mediums for exploitation.- Generates payloads that establish tunnels stealthily across Windows and Linux environments.- Exfiltrates tunnel/session details into GitHub repositories, leveraging trusted infrastructure for communication.- Customizable to match further updates and needs for red teamers with friendly YAML based templatesBy chaining Remote Tunnel abuse with GitHub as a covert exfiltration medium, VSXPloit enables stealthy red team operations that blend into normal traffic. The talk will cover:- How VS Code Remote Tunnels work and where the blind spots lie.- How VSXPloit automates payload generation and tunnel setup.- Demonstrations of cross-platform exploitation.
- 13:00
- Tue
- 02 Dec
Stage:
Arsenal 2
Sessions Type:
Demo
VSXPLOIT : Weaponizing Remote Dev Tunnels for Red Team Operations
- 14:40
- Thu
- 04 Dec
Stage:
Arsenal 3
Sessions Type:
Demo