CYBER MONGOL
  • ASATA
  • Our Journey
  • Intelligence Engine
  • Human-Machine Teaming
  • Operator Research
  • Achievements and Media
  • Counter Intelligence
  • ASATA
  • Our Journey
  • Intelligence Engine
  • Human-Machine Teaming
  • Operator Research
  • Achievements and Media
  • Counter Intelligence
Search by typing & pressing enter

YOUR CART

3/29/2021

Part 1: Custom Dropper Using ngrok to Expose Victim Filesystem over HTTPS

Part1: 

​*Custom Dropper Using ngrok to Expose Victim Filesystem over HTTPS* Without leveraging a high integrity context, the dropper is able to download ngrok (SmartScreen normally flags this binary) and executes it in a way that makes the file system, where it was executed, available publicly through an HTTPS tunnel. We used a VBS script to kick off the dropper, making it execute the .cmd file without an output window. GotIt.txt was just simulated data to be exfiltrated but this dropper will be paired with a trending LSA dump technique, in the coming days. Testing was against Microsoft Defender for Endpoint (BlockMode + Automated Investigations) - zero detections. Advanced adversaries such as APT33, APT34 and APT 39 (sub-group of APT34) use ngrok quite skillfully, in order to meet various objectives.

FoxKitten Campaign: https://lnkd.in/eNaYvuJ

#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam

Comments are closed.

    Archives

    December 2021
    November 2021
    October 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    September 2020
    August 2020
    July 2020

    Categories

    All

    RSS Feed

contact us:
© COPYRIGHT 2015. ALL RIGHTS RESERVED.