CYBER MONGOL
  • ASATA
  • Our Journey
  • Intelligence Engine
  • Human-Machine Teaming
  • Operator Research
  • Achievements and Media
  • Counter Intelligence
  • ASATA
  • Our Journey
  • Intelligence Engine
  • Human-Machine Teaming
  • Operator Research
  • Achievements and Media
  • Counter Intelligence
Search by typing & pressing enter

YOUR CART

4/5/2021

The Faza Agent by Cyber Mongol

*Cyber Mongol’s Adversary Tradecraft Simulator (Faza Agent): Check Privs, Elevate to High, Impair Telemetry, DLL Inject C2 Implant (High), Persist WMI(SYSTEM)* The Faza Agent utilizes Cyber Mongol’s Counter Cyber Intelligence (CCI) to pull in real, on-trend, commoditized tradecraft that tests advanced defenses. Faza will be available as an integration for Microsoft for Endpoint’s Evaluation Lab and additionally, a standalone offering.

We are still working on the mechanics of the agent and fully expected that we’d get busted by the EDR, flagging on the UAC bypass we are using. Faza’s current functionality is to check the integrity level of the process, bypass UAC, inject Covenant grunt for 1st C2 channel, disable MDE telemetry, add persistence with a WMI event subscription and then connect back to the C2 as SYSTEM, when the event subscription is triggered (starting Win store process).

 Currently, Faza is in its infancy but I thought it would be interesting to share as we build it out.

​
#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam

Comments are closed.

    Archives

    December 2021
    November 2021
    October 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    September 2020
    August 2020
    July 2020

    Categories

    All

    RSS Feed

contact us:
© COPYRIGHT 2015. ALL RIGHTS RESERVED.