Explore >> Select a destination
|
You are here 
|
www.huntandhackett.com | ||
| | | | |
www.cybereason.com
|
|
| | | | | Cybereason GSOC observed distribution of the Bumblebee Loader and post-exploitation activities including privilege escalation, reconnaissance and credential theft. Bumblebee operators use the Cobalt Strike framework throughout the attack and abuse credentials for privilege escalation to access Active Directory, as well as abusing a domain administrator account to move laterally, create local user accounts and exfiltrate data... | |
| | | | |
blog.talosintelligence.com
|
|
| | | | | By Flavio Costa, * In a recent customer engagement, we observed a month-long AvosLocker campaign. * The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. * The initial ingress point in this incident was a pair of VMWare Horizon Unified Access Gateways that were vulnerable to Log4Shell. | |
| | | | |
securityinaction.wordpress.com
|
|
| | | | | TL; DR In recent months threat actors have been leveraging alternative means of compromising Windows based systems in order to evade detection. Make certain to download and install software from legitimate sources and where possible make use of the Windows driver blocklist (further recommendations listed below). ==================== By employing techniques such as DLL sideloading (defined... | |
| | | | |
0xdf.gitlab.io
|
|
| | | Active was an example of an easy box that still provided a lot of opportunity to learn. The box was centered around common vulnerabilities associated with Active Directory. There's a good chance to practice SMB enumeration. It also gives the opportunity to use Kerberoasting against a Windows Domain, which, if you're not a pentester, you may not have had the chance to do before. | ||
