January 25 2023


In recent years, the use of Cobalt Strike and Metasploit as tools for attacks on various types of systems has become very popular among attackers.

However, security products have learned to detect and stop attacks built on these tools, based on the telemetry they collect. To evade EDR and antivirus solutions, attackers have had to look for alternatives.

They did not have to look for long: experts have recently observed a surge of interest in Sliver, an open-source cross-platform C2 kit that came to prominence after Brute Ratel.

Moreover, a number of nation-state threat actors have already adopted the Sliver C2 framework and integrated it into their intrusion campaigns.

At first, attackers switched to Brute Ratel, an adversary-simulation tool designed to evade security products, as an alternative to Cobalt Strike, but advances in detecting it prompted them to switch to Sliver.

Microsoft has already tracked the adoption of Sliver as an attack tool by the hacker group DEV-0237 (also known as FIN12), as well as by several other ransomware operators involved in the gang's activities, such as the operators of BazarLoader and TrickBot.

Despite the fact that the Sliver infrastructure is considered a new threat, there are ways to detect malicious activity. 

To identify Sliver, Microsoft provides defenders with a set of TTPs (tactics, techniques and procedures) that can be used to recognize it.

For example, the official, unmodified C2 codebase can be used to build detections for Sliver payloads generated without customization. There are also implant commands whose use can serve as process-level indicators when hunting for threats, such as: migrate, spawndll, sideload, msf-inject, execute-assembly, getsystem.
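As an added example (not code from the article or from Microsoft), the following Python script scans log lines for the implant command names listed above and groups hits by session, so that a session issuing several of them stands out more than a single match. The log format (`session=... cmd='...'`) and the sample lines are constructed for this illustration; the command names themselves come from the article. Matching is on whole tokens only, so ordinary words such as "migrated" or "migration" do not trigger the `migrate` indicator. Note that names like `getsystem` also exist in other tooling, so a hit is a hunting lead to be correlated with other telemetry, not proof of Sliver on its own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Sliver implant commands named in the article as hunting indicators.
SLIVER_COMMANDS = (
    "migrate",
    "spawndll",
    "sideload",
    "msf-inject",
    "execute-assembly",
    "getsystem",
)

# Whole-token match: no letter, digit, underscore or hyphen may touch the
# command name on either side, so "migrate" does not fire on "migrated".
_PATTERN = re.compile(
    r"(?<![\w-])(" + "|".join(re.escape(c) for c in SLIVER_COMMANDS) + r")(?![\w-])",
    re.IGNORECASE,
)

# Session identifier in the constructed log format, e.g. "session=a1b2".
_SESSION = re.compile(r"session=(\S+)")


@dataclass(frozen=True)
class Hit:
    line_no: int   # 1-based position of the line in the input
    command: str   # matched command name, lower-cased
    line: str      # the stripped log line for analyst context


def scan_log_lines(lines: List[str]) -> List[Hit]:
    """Return one Hit per indicator command found, in input order."""
    hits: List[Hit] = []
    for idx, line in enumerate(lines, start=1):
        for m in _PATTERN.finditer(line):
            hits.append(Hit(idx, m.group(1).lower(), line.strip()))
    return hits


def group_by_session(hits: List[Hit]) -> Dict[str, List[str]]:
    """Map session id -> list of commands seen in it (lines without a
    session token are skipped). Several hits in one session are a stronger
    signal than an isolated match."""
    sessions: Dict[str, List[str]] = {}
    for hit in hits:
        m = _SESSION.search(hit.line)
        if m:
            sessions.setdefault(m.group(1), []).append(hit.command)
    return sessions


# Constructed sample lines (not real telemetry). Line 3 is a benign
# database-maintenance message included to show the whole-token rule.
SAMPLE_LOG = [
    "2023-01-25T15:52:01Z session=a1b2 cmd='getsystem'",
    "2023-01-25T15:52:07Z session=a1b2 cmd='execute-assembly tool.exe'",
    "2023-01-25T15:53:10Z backup job: database migration completed (migrated 12 tables)",
    "2023-01-25T15:54:44Z session=a1b2 cmd='sideload lib.dll'",
    "2023-01-25T15:55:02Z user ran 'ls -la /var/log'",
]


if __name__ == "__main__":
    found = scan_log_lines(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.command} <- {h.line}")
    for sid, cmds in group_by_session(found).items():
        print(f"session {sid}: {len(cmds)} indicator command(s): {', '.join(cmds)}")
```

Run on the embedded sample, the scan reports three hits (lines 1, 2 and 4), all in session `a1b2`, and nothing for the "migration" line. Swapping `SAMPLE_LOG` for lines read from a real audit or EDR export is the only change needed to use it on live data.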

The hunting guidance and the detection rule set are publicly available. For customized builds of Sliver, alas, things are more complicated, but Microsoft and other specialists in the field are actively working on solutions.

Cybereason experts believe that the software is used as a second stage to carry out the next steps of the attack chain after a computer has already been compromised through one of the initial intrusion vectors: targeted phishing or unpatched vulnerabilities.

The probable attack sequence detailed by the Israeli company shows that Sliver can be used to elevate privileges, followed by credential theft and lateral movement, in order to eventually take over a domain controller and steal sensitive data.

According to the researchers, Sliver has previously been used by such well-known groups as APT29 (Cozy Bear), Shathak (TA551) and Exotic Lily (Projector Libra), the last of which is linked to the Bumblebee malware loader.

However, Sliver is far from the only open source platform that can be used for malicious purposes.

Last month, Qualys revealed how several hacker groups, including Turla, Vice Society and Wizard Spider, used Empire for post-exploitation and to expand their foothold in the victim's environment.

Publication information:

  • Author of the publication: AdequateSchizo
  • Date of publication: 25 January 2023 15:52
  • Publication category(s): Information security
  • Number of views of the publication: 388
  • Number of comments to the publication: 0