All of us know that post-exploitation we need some mechanism to maintain access on the target. One of the most common methods is by installing a trojan. I have tried to maintain a list of similar tools on the malware sources page on this blog. Now, there is a new entrant which ups the game in real time - Koadic. It also happens to be open source and just as difficult to detect using common methods. Read more about Koadic: An Advanced Windows JScript/VBScript RAT!
My first post regarding this malicious Microsoft Office document generator was about an older version. However, a few hours ago, an update was released - Luckystrike 2.0! Major highlights for this awesome release include full support for Microsoft Word in addition to a new COM scriptlet payload and Excel DDE infection support. Along with this, support for Invoke-Obfuscation is built in! Read more about UPDATE: Luckystrike 2.0!
It's that exciting time of the year, folks, when new people from the security walks of life throng to casinos in the desert. Yes! I am talking about Black Hat, BSidesLV, DefCon. Bringing to you part of a utility that will be completely released at BSidesLV - SmoothCriminal, which demonstrates an anti-VM & anti-sandbox technique that is used by some malware today. Read more about SmoothCriminal: Sandbox Detection Via Cursor Speeds!
As PowerShell becomes more prevalent in the Windows environment, so will its use for vulnerability assessments and penetration tests. I have covered a few of them earlier, such as PowerSploit and PSAttack. However, none of the ones I mentioned help you detect network vulnerabilities. That is set to change with NetworkRecon, a script that helps you find anomalies in observable network protocols. What is NetworkRecon? NetworkRecon is an open source PowerShell network reconnaissance module which will Read more about NetworkRecon: PowerShell to Identify Network Vulnerabilities!
An older post of mine - MicroSploit dealt with generating backdoored documents for the Office platform. This post is about another open source framework, called WinPayloads which helps you create custom malicious payloads for the Microsoft Windows operating system. Read more about WinPayloads: Generate Undetectable Windows Payloads!
There is a lot of fun offensive stuff being developed in PowerShell these days. An example is Invoke-Phant0m, an excellent Microsoft Windows event log wiper. This post is about PSAttack, a framework which tries to include almost all Microsoft PowerShell scripts that can be used in a penetration test. Read more about PSAttack: An Offensive PowerShell Console!
With the recent spread of a malware which the industry is calling by many names - Petya, NotPetya, Pnyetya and what not - one thing is for sure: it rewrites your Master Boot Record (MBR) to render your system unusable. One of the many ways to avoid this from happening is by using MBRFilter from the Cisco Talos group. Read more about MBRFilter: A Tool To Protect Against MBR Infection!