CYBER MONGOL
4/2/2021

Step 2 - Custom FUD Dropper in C#: Privilege Escalation Logic Added

Continuing the build on the dropper that can pull in commoditized tooling that our engine sees signals on, I wrote the logic that would assess the current SID and determine if the process was in medium or high integrity. If in medium, the logic branches off and downloads a UAC bypass (commoditized tooling) before it injects a Covenant grunt, resulting in a high integrity context. The dropper ran well against standard Defender AV (undetected) but was burned against MDE EDR (medium integrity injection still worked), which was to be expected. I still have some OpSec work to do on the dropper's UAC bypass before it is ready to tackle the big dog (MDE EDR) and run FUD.

#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam
