 Okay, so hi everyone. So you can probably judge from the title, but what we're gonna do today is we're gonna show how you can use Windows executables, service accounts, and cloud services to basically power your own model operation. Shortly about me, I've been around cyber security for a long time now, I've spent some time at, sorry, thank you for that. So I spent a bunch of time at Microsoft on APIs, IOT, cloud. I've been doing local, no-code security for like three years now which is weird because not many people are into it, but you will soon be, so that's cool. I started a company around 18 months ago called Zanity. I would folks that are sitting right here, we're focused on local, no-code security. And again, first time they've gone, very excited to be here as you can probably hear. So thank you for coming. By the way, this talk is gonna feature research from Aria Zilberg who's sitting right here, one of our researcher, so give him some love. This one is important, local, no-code is a cool thing. We are very much pro at the movement. And this talk, I will try to give you an attacker's perspective on that. The reason, of course, is to make sure that this is done in a responsible way. So what you're gonna learn today, use it to educate people around you, and let's see what it takes us. Okay, so I'm gonna start right now. When I say creating or running your own model operation, there are a bunch of things that could mean, so let's figure out what exactly I'm meaning that we're gonna do today. So you have initial access to some victim machine. There's a lot of other things that you need to do around it in order to really call it a model operation. You need to be able to, okay. So you need to be able to go through a firewall. You need to be able to actually run malware on that machine and be able to bypass DDR. You need to be able to create command and control across that firewall and to exfilter the data back to your, backwards outside of the org. You need to avoid detection by a bunch of enterprise tools that are out there in order to catch you. And you need to remain persistent on the actual victim machine when they're obviously trying to kick you out. All of those things are a bunch of grunt work. So what we're gonna do today is we're gonna show how instead of having to do all of that yourself, you can just focus on the initial access and on the last part which is kind of having fun. And we're gonna try and figure out whether we can, how we can use existing services to take care of all of that ops for us. So what, so here's this service that we're going to use. I'm not sure if you've heard about RPA. This is basically a technology that is out there in every major enterprise today. It's really every word. And the idea behind RPA is basically to take mundane processes that business users are doing. So copying and pasting through different software that they have on their machine and basically automating it. And the way that it gets automated is that the users are actually emulated. So the user gets impersonated. They are copying the keyboard and the mouse clicks and then reiterating them. And that's the way that they're using the user's own identity. And it's used to basically facilitate integration with old software that has no APIs which makes it easier. So RPA is built of three main components. The first one is an agent. It sits on somebody's laptop and it emulates the user as I've just mentioned. The second part is the controller which is able to go reach out to the machine, send some payload, the payload gets executed and then the output gets routed back. And there's a management portal which allows you to basically say, okay, here are all my agents. Here's the payload I'm gonna send to each one of them. The key thing about this technology is that every part here is trusted. And what do I mean by trusted? I mean trusted by the EDR, trusted by network security, trusted by the SOC team. So on the agent side, there are executables that are signed by the vendors themselves. We'll see that in a moment. The communication, so all of the endpoints, all of the protocols and the cloud services themselves. And there are a bunch of vendors that are providing these RPA solutions that, as I mentioned, are everywhere in the enterprise. Today, as you've kind of realized from the talk, Stider, we're gonna focus on Microsoft and you'll find out why in a moment. But actually everything that I'm gonna show you today is not specific to Microsoft. It's actually a problem. It's actually inherent in the way that RPA works. So RPA can take care of all of the malware ops that I've just talked about for us. So command and control, exfiltrating data outside of the org, avoiding defense, persistency, cleanup. But it also will be able to give us much more. So handling error, everything that's related to kind of engineering, updating those agents, being able to support any type of platform, those are all things that the RPA vendors will do for us. So this is the leaving of the land attack and we're gonna leave off the land of RPA and specifically Microsoft RPA to do what we wanna do. Here's our agenda for today. So we covered the motivation. Next up, we're gonna drill down a bit more into what RPA is all about. We'll focus on, we'll do a deep dive and understand how it works. Then I will shift gears and show you specifically how do you take RPA and leverage it to your own malware operation and really introduce a tool that will allow you to do that quickly. And don't worry, you will also send you home with kind of a few things you can do to remain protected or protect your organization. Okay, so in order to understand what RPA is, let's start off with a story. When I was a young, when I was a teenager, my friends and I used to play in a game called tibia. Who knows what tibia is? Raise your hand. Okay. That's a weird game, weird MMORPG from a long time ago where basically you level up your character, you play with other players and you collaborate. But a lot of the actual time that you spend on that game is actually doing things like fishing. So you need to improve your fishing skills. In order to do that, you basically go to a pond and then you need to click. So you click and you get some fish and you click and you get more fish and more fish. And this is basically transforming clicks and virtual worms into virtual fish. This is important for the game, but it is extremely boring. So of course, as a teenager, I wanted to take advantage of this. I wanted to basically be better than my friends and impress them. So I tried to find a creative solution for this to work better. I started off with physical automation. I actually looked for a picture of this. I couldn't find any picture. I'm not sure why somebody in my family didn't take the picture. As you can imagine, this didn't work. So the book would fall over. I would wake up in the morning and things were not as I expected. So I had to find a better solution. And I actually went with automation, which was basically, there was software that allowed me to basically record my keyboard and my mouse and then replay them. So I had this setup where I walk around the pond and I click on a bunch of fish. And when I wake up in the morning, I'm leveled up. So this is what it looks like. I think you're seeing it. So, and basically this made me the hero of my friend. So this was my first kind of, the first moment I got some love kind of became a bit popular. And this is funny because this is actually the basis of RPA. So the same technology that I used as a kid like 20 years ago is being used in the enterprise today to do very serious things. So RPA as a quick recap, it's about replacing copy and paste integration. It's a drag and drop builder. You'll see it in a moment. And the people, and it's used, the people that are building these RPA bots, they can be in IT, but they can also be business users. It emulates the user's own actions. So it operates as the user with their own identity. There's no way to distinguish those clearly. And it runs on the user's machines. And on the use cases side, enterprises are really using it for serious things. So customer services, financial services, on-boarding and off-boarding HR. So this is touching business sensitive data. Now, we understand what, now that we understand what RPA is, let's drill down technically into how it works and how, and that would also kind of lead us in the way that we're looking for with our model. So we want to use RPA for the model operation. And this is where we're gonna actually focus on Microsoft. And this is why. So Microsoft has released an RPA agent called Power Automate Desktop. And it is now baked into every Windows 11 machine. And by baked in, I mean, that if you take a fresh Windows machine, you'll search for Power Automate, it'll be there. It's also trusted by the EDR and trusted by other EDRs as well. So that's why we're going to focus on that on Microsoft today. Let's start from the user's perspective. So this is a fresh Windows machine, Windows 11 machine. Searching for Power Automate, I immediately find this executable. Let's see if this works. Okay, it works. So what I'm showing you here is a quick video that is me setting up my connection with that RPA service. The third thing that I'm doing is actually plugging in my office account. And the crucial thing here is that I could plug in any office account. So in this example, I created a new organization. You'll see that in a moment. And I'm plugging in my credentials with that organization. Once I plug in those credentials, I get to this drag and draw builder with a bunch of operations that are available for me. And then I'm gonna click, I'm going to create a lower world application that basically writes a lower world to a file on desk. The crucial thing here is that this thing is synced to Office Cloud. And it's not, it's synced to my cloud because I just logged in with my account. And so you'll see in a moment when I kind of finish off with the demonstration here that there's a bunch, so we're seeing it now. There are a bunch of basically bots or processes that are available for me to pick and choose from. Those are all things that I set up previously in my office account. So this is what you just saw. When you plug in your credentials, your office credentials to this Windows executable, you get all of the different payloads or processes that you have created in an office. This is how it looks like, this is how it looks like from an architecture perspective. So on one side you have Power Automate, the RPA agent and the other side you have Office. One sits in on-prem and another in cloud and the reason that I'm focusing on that is that Microsoft, of course, has to be deployed everywhere in large organizations so they need to figure out how, I mean how is this working? They haven't asked for permission from anybody, right? It's already there. So what we're going to figure out right now technically is how is this communicating? So we'll focus first on the left side which is actually the local side. Power Automate is not one executable, there are a bunch of those. There's one service that's called Power Automate runs on the user's own account and there's another service account that's being created that you can see here that runs with an executable that's called Machine Runtime and that will be the one that's actually in charge of communicating with Office Cloud, we'll see that in a moment. There's also, Power Automate also allows you to automate the browser. So you can basically, so through an extension on all popular browsers, you can change what users are viewing on the browsers and you can also kind of fetch all of the information that they have there. So we'll add that to our architecture as well. As you can see, there are these extensions across all of the different browsers. This is the, so what you're seeing here is actually that I've only talked about three executables out of about 20 that are built in to Windows 11 again and you're seeing that this is an entrusted, this is kind of an entrusted location. So there's plenty of opportunity to do more research here. So if you're looking for a challenge, I recommend checking this out. So let's switch to another direction and talk about the communication. So of course, network boundaries have been, I mean people have been trying to maintain them for a long time and there's a really serious question we should ask ourselves here which is how is Microsoft able to communicate with office services without having some IT admin open up a port somewhere? The way that this is done is with a neat service called Azure Service Bus. It used to be Azure Relay. Basically, both sides are creating outbound communication and so this is how the channel gets created. So the agent will reach out to Azure Service Bus every couple of minutes and ask for new tasks that it should pick up and use. Okay, so we're connected. We understand how these things operate. We understand that it has components that run as the user and components that run as a service account. The crucial thing to note right here because it's the last time I'm gonna say it is that all of these things are trusted. The executables are trusted, the service accounts are trusted, the cloud accounts are trusted. They are all in the allow list that you get by default. Once you plug in your machine, this is what you're seeing from the office side. So office provides you with kind of a nice way to view all of the machines that are connected to your cloud. You can also run things on the laptop from the cloud. So you trigger, you create some sort of a payload and you can execute it from the cloud on some machine and then you get the status. You can look at history. You can debug things. So all of the kind of convenience layers that you need around it. The last thing that I wanna cover in terms of architecture is how is trust being established? So it's not only about connection to the Azure service bus. Actually there needs to be kind of a trusted communication between the two. So when you register your machine with Power Automate that you saw me do a few minutes ago, there's a private key that's being created on your local machine and a public key on the cloud side and it's being used to basically encrypt a message that sends two things to the machine through Azure service bus. The first thing is local credentials. So you can run those payloads with whichever local credentials you'd like on the machine. And the second thing is an RPA task which is the kind of the process that you would like to run. So again, in a summary, in a nutshell, this runs on the, this executes on the user's own, with the user's own credentials and it constantly goes out to office and asking whether there's something it needs to be running. So what we're gonna do right now is we're gonna switch gears up until now it was kind of theoretical. We're gonna go to specifics of how you can use this setup to run your model operation with Power Automate, Microsoft's RPA. So let's remember our wish list. These were the things that we wanted to accomplish when we started this conversation. So all of the things here that are around ops will go through each one and show how they can be done. First up, we need a bit of setup. So what you need in order to use this is basically, what I'm doing here is creating a new tenant within Microsoft. It's kind of a trial version. You don't need to plug in your credit cards. It won't cost you anything. I'm creating a new organization and you can see that once it is created there's a guide here that which pointed me to how do I create, how do I onboard new machines here? So we need to onboard victim machines into my malicious Microsoft account. You've seen me do this already in the demo but this was done through UI which is kind of not what we're after as hackers. So the question is whether we can do it programmatically with some script. Fortunately Microsoft has provided a script for us. Again, signed already in your Windows machines. So you run this silent registration script and you provide it with your organization ID and again the crucial piece here, if you're thinking of detections as well is that you can plug in any tenant ID here. So of course I'm just sending, I'm just saying okay this is my account and I'm pointing this agent to my malicious office tenant. Once I run this script, I go back to the list of machines and the machine is already there and you can see that I have the status of the machine, the version of the agent that's sitting here. So that's kind of cool that that's how, that's basically our way to onboard victims to our malware operation. One thing that was problematic about what I just showed you is that this requires an admin privilege on the local side to do this onboarding which makes this kind of boring, right? Fortunately that's not really the case. So we didn't do anything special here, we just tried, it worked, so why not? So you can just run this and it will connect the victim's machine to your cloud. Once the victim machine is registered, here's what you need to do in order to run a payload from the cloud to the machine. So you create this automation from the cloud side, you create a connection, you basically you choose which machine you're going to run on, you choose the local credentials, we saw that this is part of the payload earlier and you choose a specific payload that you'd like to run. Of course you can create new payloads and on your own machine and upload them to Windows. One thing that we need to figure out because we need to provide a user account here, we need to figure out what happens if that user is already logged in to the local account. What would it do to the user session? So again, people have already fixed this problem for us. RPA has two versions, attended RPA which basically runs in parallel to a logged in user. This also means I can take charge of everything that the user is doing, I can open the browser and take their cookies, I can do everything that the user is doing. And on the other side is unattended RPA which basically creates a new session, runs the payload and discusses of the session. So we've seen a bunch of things from our list of the malware operation that we wanted to create. We know that we can deploy malware. We saw this with the register, with basically a silent registration. We know that this avoids defense while this was the premise, everything here is trusted. And we know that you can maintain persistency because I didn't install anything on the laptop, right? I only used Microsoft's own executables. What we're gonna show next is how we'll accomplish all of the things that are left over. Now we've already kind of seen command and control but we're only so specific payload so let's drill down into it some more. Okay, this is how we're gonna, now we're just gonna show what you can build with this RPA, what can you actually do on the user's machine. So here's a very quick data X field for you. This is an RPA flow that does the following. It gets as an input, a file, a pass on the hard disk and basically it reads the file and it sends the file content as an output of that flow. Again, this runs with Microsoft's executable from, and the key thing that we need to think about is where is the output actually going? So it's going to Microsoft cloud. I'm triggering it from Office. I'm logging into Office with my malicious account. I'm sending out this payload and I get in response the actual, the content of the file. So recalling the architecture that we saw earlier, let's figure out where does the data move to make sure that we don't get caught along the way. So this is the architecture that we saw and these are the three steps that are actually happening. I'm building those instructions on my side on a malicious machine somewhere and I'm uploading the instructions to Office cloud. Then I'm sending the payload to the machine through the Microsoft Trusted Communication channel and the output goes through that same channel. So again, completely undetected. So here's another example. So this example goes through code execution. So we saw that you can run specific payloads but actually I would like to be able to run everything that I want on that laptop. So again, fortunately, the RPA agent provides you with the operations that allow you to execute actual code. So command lines, PowerShell, Python, JavaScript. So here's a quick automation. I'm basically sending out a script, telling them which kind of script, how will it be executed and then I'm exploiting outside the STD, out an STD error. Actually, the problem is that when I run this, it gets flagged by Microsoft EDR. Now, why does it get flagged? I mean, it gets flagged because I run a command line. It doesn't really matter who created that command line. The EDR is very focused on looking on those command lines that are actually running. So you can see that I basically went out of the trusted part. So there's the trusted part, the RPA agent, which is able to run some sort of code. Like, here's a piece of code, run it with this executable or that executable. And there's the untrusted part, which is the command line. So the question becomes, what can we do only with this drag and drop primitive? So what kind of malware we can build only with no code? Actually, we can do a whole bunch of things. So these are all things that are provided by the RPA agent. Let me name some of them. You can use the built-in encryption function to encrypt files. You can trigger HTTP calls. You can communicate with Active Directory in Windows services and processes. You can look at files and folders. You can automate the browser. You can take screenshots. You can automate the mouse and the keyboard. You can copy the clipboard. You get it, right? You can do basically everything. So let's do a couple of things. Here's no code run somewhere for you. This one is, again, very simple. I'm iterating through the drive, through the local drive. I'm reading the file, encrypting that file with the provided encryption function, and then stamping that file with, replacing it with the original. Here's how this gets triggered from the cloud side. So again, very simple. I'm saying, here's the directory I'd like to encrypt. Here's the private key. And it will just go to the machine, send the payload, encrypt the file, and that's it. And I'm getting flashes here that I don't have a lot of time, so I'm gonna skip kind of through it. But as you can see, this is being triggered from the cloud side. And when the task gets finished, and you saw that this already happened, I basically see it. I get the results on the cloud. And from the machine side, of course, the files are encrypted. The EDR didn't catch it. This is all being done by the Microsoft executable. Okay. Here's another one for you. So we know that this agent is actually creating a whole bunch of logs, the agent that we're actually using. Because every time that it gets called, it writes what did it call, what exactly did it do. But again, looking at Microsoft documentation, we can figure out where these logs are being maintained, and we can just go ahead and delete them. So here's the flow to do that. I'll finish off with one more. We talked about the browser. So here's a quick thing that we can do. We can open the browser. We can go to some endpoint that we'd like to steal the user's token from. And we just plug in a JavaScript shell inside of that browser to basically take home the cookie. So there's a quick demo for that here. Not sure I have the time, but basically it's really simple. What this does is it opens up the browser, it goes to that location, and it just runs the JavaScript script that I've mentioned. And fortunately, there's a nice property here where you can open the browser in a minimized version. So the user won't know this. Okay. So a quick recap on anything we did, everything we did up until now. We saw how you can deploy malware, you can avoid detection, you can remain persistent. We saw you can create command and control through the Office Cloud. We saw exfiltration and cleanup. We actually wanted to show a bunch of other things like Keylogger and other things, but you can just play around with it and I'm sure you'll find it nice. The one thing that I'm going, the one thing that I have left for you is how do you do all of that as part of your existing arsenal? So you don't want to be playing with UI for Office and those things. So we've introduced this new tool for you. You can go ahead and use it right now. You'll have an address in a moment. Basically, we've covered a bunch of things for you. So we are handling errors. We are creating an HTTP endpoint on the malicious Office side, which you can just call and then you do something like you post, okay, here's the machine I'd like to run this payload on. Here's the payload I'd like to run. Here are some parameters and you get back all of the outputs of that process. And all of the things that you saw here in the talk and other payloads as well are available through that tool. So this is available right now. There's a convenience layer around it in Python. Let me quickly describe how it works. You create your Microsoft tenant. There are instructions on how to do that. Again, no credit card free of charge. You run a quick script that I'm setting up that tenant. You register with your machines with Microsoft's executables, not mine. And then you use this nice Python script to do things like run, run somewhere, run specific commands, and please feel free to send out pull requests with new payloads. So we're about done. Let's do a quick recap. We saw what RPA is. We saw that it's available on every major enterprise. Check it out back home. You'll see it's already there. We saw how it works and we saw how it can be used to power a malware operation. We saw that you can use it with local primitives that basically allow you to do whatever you want. We saw Powerporn, which is a new tool that you can use right now to play around with it and to see how it works. The last thing I'm gonna do, and I'll do it very quickly, is leave you off with a few things you can do to protect yourself, to protect your organization. So here's one very, very obvious thing. Monitor these executables. So as you can see, you need to make sure that basically the number one thing you need to make sure is that people are not registering those agents to a tenant that is not your own. You can also review, this entire talk was focused on using the existing tools without talking about whether the organization itself is going to use it. So your users might actually be using this. If they're using this, there are a bunch of issues that can occur. If that's interesting for you, I have another talk here at 4 p.m., same room. So if you're not tired of me yet, see you again. And there are a bunch of information that you can use here to learn more. Microsoft Documentation, there's an OS group that is focused on this area, and a bunch of blogs and content. Thank you very much.