All of us know that, post-exploitation, we need some mechanism to maintain access on the target. One of the most common methods is installing a trojan. I have tried to maintain a list of similar tools on the malware sources page on this blog. Now there is a new entrant which ups the game in real time - Koadic. It also happens to be open source and is just as difficult to detect using common methods. Read more about Koadic: An Advanced Windows JScript/VBScript RAT!
Open Source Archives:
About a month and a half ago, Nmap 7.50 was released. Today, a few minutes ago, Nmap 7.60 was made available with SSH support, improved SMB2/SMB3 support by Paulino Calderon (@calderpwn), the addition of 14 NSE scripts and a new Npcap version. Nmap is now the default tool to discover services running on a remotely connected system. None of us really needs any introduction to this very popular "network mapper". Read more about UPDATE: Nmap 7.60 Now Available!
This is a short post about nps_payload, an open source Python script that helps you create basic payloads that help you avoid or bypass intrusion detection systems. It is a mix of @ben0xa's Not PowerShell (nps) framework and some features of @HackingDave's unicorn tool. As you know, Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory, and the Not PowerShell toolkit allows you to encrypt and drop binaries. As with most offensive tools Read more about nps_payload: Basic Intrusion Detection Avoidance Payload Generator!
My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release, published yesterday: OWASP Dependency-Check 2.1.0! What I like about this release is that the patch-level verification for Ruby Bundler has been proven conclusive and is now fully implemented. Read more about UPDATE: OWASP Dependency-Check 2.1.0!
My first post regarding this malicious Microsoft Office document generator was about an older version. However, a few hours ago an update was released - Luckystrike 2.0! Major highlights of this awesome release include full support for Microsoft Word, in addition to a new COM scriptlet payload and Excel DDE infection support. Along with this, support for Invoke-Obfuscation is built in! Read more about UPDATE: Luckystrike 2.0!
It's that exciting time of the year, folks, when people from all walks of security life throng to casinos in the desert. Yes! I am talking about Black Hat, BSidesLV and DefCon. Bringing to you a part of a utility that will be completely released at BSidesLV - SmoothCriminal, which demonstrates an anti-VM & anti-sandbox technique that is used by some malware today. Read more about SmoothCriminal: Sandbox Detection Via Cursor Speeds!
My older post about Prowler can be found here. This post is about an update made to the AWS CIS Benchmark Tool - Prowler 1.3! Read more about UPDATE: Prowler 1.3!