*Custom FUD Dropper in C#: RED/BLUE Perspectives*

I wrote a custom dropper in C# that reaches back to adversary infrastructure via ngrok, downloads a DLL injector, looks for (or starts) rdpclip.exe, and then injects a Covenant C2 implant into that process. The dropper ran completely undetected and even passed two cloud-delivered security scans (“Your administrator requires a security scan”). Testing was conducted against the Microsoft Defender for Endpoint (MDE) stack: AV/EDR in block mode with automatic remediation.
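From the blue-team side, as an added example that is not code from the original post: a small Python correlation routine run over constructed Sysmon-style events that flags the chain described above (an outbound ngrok tunnel connection, rdpclip.exe spawned by a non-Windows parent, and a remote thread created in rdpclip.exe). The event layout, the `.ngrok.io` suffix and the "parent lives under C:\Windows" heuristic are assumptions, not the post's telemetry.

```python
"""Constructed Sysmon-style events (dicts, not real telemetry) plus a
correlation routine that scores per source pid so the full chain
(tunnel + rdpclip.exe spawn + injection) outranks a single weak signal."""
from collections import defaultdict

# Sysmon event IDs: 1 = process create, 3 = network connect, 8 = CreateRemoteThread
SAMPLE_EVENTS = [
    {"id": 3, "pid": 4120, "image": r"C:\Users\u\Downloads\update.exe",
     "dest_host": "a1b2.ngrok.io"},
    {"id": 1, "pid": 5008, "image": r"C:\Windows\System32\rdpclip.exe",
     "parent_pid": 4120, "parent_image": r"C:\Users\u\Downloads\update.exe"},
    {"id": 8, "pid": 4120, "image": r"C:\Users\u\Downloads\update.exe",
     "target_pid": 5008, "target_image": r"C:\Windows\System32\rdpclip.exe"},
    # benign noise: an RDP session helper starting rdpclip.exe as usual
    {"id": 1, "pid": 6100, "image": r"C:\Windows\System32\rdpclip.exe",
     "parent_pid": 900, "parent_image": r"C:\Windows\System32\svchost.exe"},
]

TUNNEL_SUFFIXES = (".ngrok.io",)  # assumption: ngrok-hosted tunnel hostnames


def detect(events):
    """Return one alert string per suspicious source pid, severity by signal count."""
    hits = defaultdict(list)
    for e in events:
        if e["id"] == 3 and e["dest_host"].lower().endswith(TUNNEL_SUFFIXES):
            hits[e["pid"]].append(f"outbound tunnel connection to {e['dest_host']}")
        elif e["id"] == 1 and e["image"].lower().endswith("\\rdpclip.exe"):
            # heuristic: rdpclip.exe launched by a binary outside C:\Windows is suspect
            if not e["parent_image"].lower().startswith("c:\\windows\\"):
                hits[e["parent_pid"]].append(
                    f"spawned rdpclip.exe from {e['parent_image']}")
        elif e["id"] == 8 and e["target_image"].lower().endswith("\\rdpclip.exe"):
            hits[e["pid"]].append(
                f"remote thread created in rdpclip.exe (pid {e['target_pid']})")
    alerts = []
    for pid, reasons in hits.items():
        severity = "high" if len(reasons) >= 2 else "low"
        alerts.append(f"[{severity}] pid {pid}: " + "; ".join(reasons))
    return alerts


if __name__ == "__main__":
    for line in detect(SAMPLE_EVENTS):
        print(line)
```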
#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam
Archives
April 2021