CYBER MONGOL
3/29/2021

Part 2: Trending LSASS Dumper Paired with ngrok Exfiltration

Sensors have been observing growing human momentum behind MirrorDump, which is bound to a highly amplified social structure directly connected to other significant and effective exploit tools, making adversary adoption of MirrorDump highly probable.

MirrorDump is an LSASS dumping tool that uses a dynamically compiled LSA plugin to grab a handle to lsass and API hooking to capture the resulting dump in memory. We paired it with our ngrok dropper from a few days ago, but MirrorDump is getting flagged by signature-based AV, which we haven't rectified yet. The video shows the functionality of the dropper, the LSASS dumper and the exfil of the memory dump, first with no endpoint protections enabled and then with the full MDE stack. With a bit more work to evade signature detections, this could be an extremely effective vector. Lastly, this would need to be paired with a privilege escalation to dump LSASS (we just launched from admin).
 
MirrorDump: https://github.com/CCob/MirrorDump
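The post names three observables a defender can key on: a plugin loaded into lsass, a handle to lsass opened with memory-read rights, and an outbound connection to an ngrok tunnel. The script below is an added example, not code from this post or from the MirrorDump project; it runs three Sysmon-style rules (Event IDs 7, 10 and 3) over constructed sample events. The file paths, hostnames, the `.ngrok.io` suffix and the allowlist of legitimate lsass readers are assumptions for the example and should be replaced with values from your own telemetry.

```python
"""Added detection example for the pattern this post describes.

Constructed Sysmon-style events (not real telemetry, not MirrorDump output)
are scanned for the three observables the post gives away: a module loaded
into lsass.exe from outside the Windows directory (the LSA plugin), a process
opening lsass.exe with memory-read rights (the handle grab), and an outbound
connection to an ngrok tunnel hostname (the exfil channel).
"""

# PROCESS_VM_READ bit of the Win32 process access mask.
PROCESS_VM_READ = 0x0010

# Hostname suffix of public ngrok tunnels; assumed pattern for this example,
# extend it to whatever your egress telemetry actually shows.
TUNNEL_SUFFIXES = (".ngrok.io",)

# Directories lsass.exe is expected to load modules from.
TRUSTED_MODULE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Site-specific allowlist of processes that legitimately read lsass memory (example values).
ALLOWED_LSASS_READERS = (
    "c:\\windows\\system32\\csrss.exe",
    "c:\\windows\\system32\\wininit.exe",
)


def _is_lsass(path):
    return path.lower().endswith("\\lsass.exe")


def check_image_load(ev):
    """Sysmon Event ID 7: a module loaded into lsass.exe from an untrusted path or unsigned."""
    if ev["EventID"] != 7 or not _is_lsass(ev["Image"]):
        return None
    loaded = ev["ImageLoaded"].lower()
    trusted_dir = loaded.startswith(TRUSTED_MODULE_DIRS)
    signed = ev.get("Signed", "false").lower() == "true"
    if trusted_dir and signed:
        return None
    return ("lsass_module_load", ev["ImageLoaded"])


def check_process_access(ev):
    """Sysmon Event ID 10: a non-allowlisted process opened lsass.exe with PROCESS_VM_READ."""
    if ev["EventID"] != 10 or not _is_lsass(ev["TargetImage"]):
        return None
    granted = int(ev["GrantedAccess"], 16)  # Sysmon logs the mask as a hex string
    if not granted & PROCESS_VM_READ:
        return None
    if ev["SourceImage"].lower() in ALLOWED_LSASS_READERS:
        return None
    return ("lsass_access", ev["SourceImage"])


def check_network(ev):
    """Sysmon Event ID 3: outbound connection to a tunnel hostname."""
    if ev["EventID"] != 3:
        return None
    host = ev.get("DestinationHostname", "").lower()
    if host.endswith(TUNNEL_SUFFIXES):
        return ("tunnel_egress", f'{ev["Image"]} -> {host}')
    return None


CHECKS = (check_image_load, check_process_access, check_network)


def scan(events):
    """Return (rule, detail) tuples for every event that trips a rule, in event order."""
    alerts = []
    for ev in events:
        for check in CHECKS:
            hit = check(ev)
            if hit is not None:
                alerts.append(hit)
    return alerts


# Constructed sample events; paths and hostnames are made up for the example.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": "C:\\Windows\\System32\\lsass.exe",
     "ImageLoaded": "C:\\Windows\\System32\\msv1_0.dll", "Signed": "true"},
    {"EventID": 7, "Image": "C:\\Windows\\System32\\lsass.exe",
     "ImageLoaded": "C:\\Users\\Public\\plugin.dll", "Signed": "false"},
    {"EventID": 10, "SourceImage": "C:\\Users\\Public\\tool.exe",
     "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 10, "SourceImage": "C:\\Windows\\System32\\csrss.exe",
     "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 3, "Image": "C:\\Users\\Public\\tool.exe",
     "DestinationHostname": "abcd1234.ngrok.io", "DestinationPort": 443},
    {"EventID": 3, "Image": "C:\\Program Files\\Browser\\browser.exe",
     "DestinationHostname": "www.example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for rule, detail in scan(SAMPLE_EVENTS):
        print(f"[{rule}] {detail}")
```

The rules only fire if your Sysmon configuration actually records ImageLoad and ProcessAccess events for lsass.exe, so check the config before trusting a silent result. The image-load rule is the one that survives the signature-evasion work the post anticipates: a freshly compiled plugin changes its hash, but it still has to be loaded into lsass from somewhere.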
 

 
#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam
