Post Exploitation Nirvana: Launching OpenDLP Agents over Meterpreter Sessions

Andrew Gavin

Wed, 10th April 2013

Speaker Bio 1:
Andrew Gavin, creator of OpenDLP, is an information security consultant at Verizon Business. With more than a decade of experience in security assessments of networks and applications, he has worked for numerous customers in various industries around the world.

OpenDLP is an open source, agent-based, massively distributable, centrally managed data discovery program that runs as a service on Windows systems and is controlled from a centralized web application. The agent is written in C, has no .NET requirements, uses PCREs for pattern matching, reads inside ZIP-based files such as Office 2007 and OpenOffice documents, runs as a low-priority service so users do not see or feel it, and securely transmits results to the centralized web application on a regular basis. The web application distributes, installs, and uninstalls agents over SMB; allows you to create reusable profiles, view results in real time, and mark false positives; and exports results as XML.

OpenDLP also supports scanning databases for sensitive information. It can also perform agentless scans of Windows systems over SMB and UNIX/Linux systems over SSH.