Tools such as https://t.co/IKyo8x29Vk from Impacket are usually flagged for lateral movement due to the pre-built service executable that is dropped on the remote system. However, some vendors also flag Impacket based on its behaviour.
With RustPack, you can easily create service executables that won't be detected by signatures or behaviour-based detection. 😎
In this demo video, an unsigned service executable is generated. This will only fire the payload on a system with the hostname 'Win11' — environmental keying will prevent the payload from showing up in a sandbox or cloud analysis.
To avoid Impacket detection, we drop and execute the binary via the recently released Titanis protocol library from @TrustedSec:
https://t.co/AZcygPtDjb.
The result is an Adaptix C2 connection in the SYSTEM context. 🫡
#Pentest #RedTeam #Malware #OST
We would like to express our condolences to Blue Teamers.
Microsoft has announced Microsoft Excel will now support Python.
More information: https://t.co/LutCzlYc0x
We have to challenge the status quo of phishing. Phishing was still the initial access vector for 23% of breaches (M-Trends, 2021) and what we've always done might not be what we need today. 1/2
Justice Dept. seizes a record $3.6 billion in bitcoin tied to Bitfinex hack, charges married couple in NYC with laundering the stolen funds. https://t.co/Fs7bd3l21h
Heads up users of Cisco's Small Business RV Series routers/VPNs: Cisco has released updates that fix a slew of security issues, including several that have the maximum CVSSv3 score of 10.0. Proof of concept exploit code already available for some of them. https://t.co/0FOo2XxO47
I had the great pleasure of driving this super complex feature at my old job and I’m stoked to see it released: https://t.co/YzXKvVYJ8D
There’s been a few limited PoCs out there but thanks to help from @intel and amazing work from @standa_t and @TimoKreuzer this is in production.
Important: the second vuln, CVE-2021-45046, is now CRITICAL because remote code execution is possible in #Log4j version 2.15. This matters because initially it wasn't critical. Now it's more important to upgrade to 2.16.0.
https://t.co/zmdM03ylBK
Been spending a lot of time hunting down event sources lately to make better sense of some detections we've run into on operations. I wrote a little tool to help find event providers by recursively parsing directories/files for the specified GUID.
https://t.co/DStIlRmBEx
The Zelle fraud scam is rampant. You get an SMS about a suspicious Zelle transfer from "your bank." If you respond you get callerID spoofed scam call. To "verify your ID" they ask for your username. Then they password reset & ask you to read back the code https://t.co/r7wLaNZ404
I dove into Boot Configuration Data and why RaaS actors might want to modify those settings before they deploy ransomware, complete with some detection guidance. A not so new technique, but a good chance to talk about capability abstraction!
https://t.co/v8QKCRgA29