*Step 2 - Custom FUD Dropper in C#: Privilege Escalation Logic Added* Continuing the build on the dropper that can pull in commoditized tooling that our engine sees signals on, I wrote the logic that would assess the current SID and determine if the process was in medium or high integrity. If in medium, the logic branches off and downloads a UAC bypass (commoditized tooling) before it injects a Covenant grunt, resulting in a high integrity context. The dropper ran good against standard Defender AV (undetected) but was burned against MDE EDR (medium integrity injection still worked), which was to be expected. I still have some OpSec work to do on the dropper’s UAC bypass before it is ready to tackle the big dog (MDE EDR) and run FUD.
#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam