Reading Time: 2 minutes

Two Lead Contributors to Open Source Tool for White Hat Penetration Testing will Explain New Capabilities Introduced Since Original Release in 2017

SUNNYVALE , Calif.–(BUSINESS WIRE)–#AppSecRiskSense®, Inc., pioneering risk-based vulnerability management and prioritization, today announced that senior security analysts and penetration testing experts Sean Dillon and Nate Caroe will present a deep dive session on new features added to the Koadic white hat hacking tool at Black Hat USA 2019 in Las Vegas.


Sean Dillon (aka @zerosum0x0), senior security analyst at RiskSense, has years of experience in penetration testing, exploit reverse engineering and malware research especially around the Microsoft Windows kernel. Sean is a co-author of the ETERNALBLUE and other MS17-010 Metasploit exploit modules. He was the first to publish a reverse engineering analysis of the DOUBLEPULSAR SMB backdoor. Sean has taught workshops on Windows internals at DEF CON and to government agencies.

Nate Caroe (@The_Naterz) is a Senior Security Analyst at RiskSense. He is one of the initial contributors and lead maintainer of Koadic. He has performed extensive exploration into exploitation and tool automation.




Koadic, a post-exploitation toolkit that leverages the Windows Script Host to provide all the features of a remote access trojan (RAT), was first released by Sean Dillon at DEF CON in 2017. In this Black Hat USA presentation, Sean and Nate will reveal new capabilities added to Koadic since its introduction two years ago, including the ability to extract information and intelligence about a targeted Windows environment, scrape user credentials more efficiently, and better navigate a network. They will also discuss best practices on how to use the tool for discovering and remediating security vulnerabilities in Windows systems to protect them from future attacks.




Thursday, August 8 | 1:00pm-2:20pm | Track: Malware Offense | Session Type: Arsenal




Black Hat USA 2019 | Business Hall (Oceanside), Arsenal Station 10 | Mandalay Bay | Las Vegas




To schedule a conversation with Sean Dillon, contact Marc Gendron at [email protected] or +1 781.237.0341. For more information, visit:

About RiskSense

RiskSense®, Inc. provides vulnerability management and prioritization to measure and control cybersecurity risk. The cloud-based RiskSense platform uses a foundation of risk-based scoring, analytics, and technology-accelerated pen testing to identify critical security weaknesses with corresponding remediation action plans, dramatically improving security and IT team efficiency and effectiveness. For more information, visit or follow us on Twitter at @RiskSense.



Marc Gendron

+1 781.237.0341

[email protected]


[email protected]