filmov
tv
Redteam: Generate evasive LNK dropping Mythic implant DLL with MacroPack Pro
Показать описание
As exploiting Office formats became harder, malicious Windows shortcuts (LNKs) usage increased upon threat actors and redteams.
MacroPack Pro implements advanced LNK generation features. Including multiple options and customization possibilities.
In this demo, we use Mythic C2 with merlin agent as our second stage.
This video demonstrates the next features:
- Weaponized shellcode loader DLL generated by ShellcodePack
- Generation of LNK dropping and running the DLL with MacroPack Pro
- LNK with advanced evasive method (no use of Powershell, VBscript, Certutil, etc)
- PDF icon spoofing
- Compatibility with Mythic C2 Framework
- Bypass of Defender Antivirus (note this scenario was successfully tested on multiple Antivirus and EDRs)
==== Prerequisite ====
As a prerequisite. You need to setup a Mythic C2 environment.
Warning: Mythic takes 20 Giga Bytes of disk space.
==== Here is the ShellcodePack command line used to generate the dropped DLL ====
Option details:
* -i option to pass the raw shellcode we want
* The -G option is there to generate a new payload (a DLL file).
* --bypass option automatically expands into multiple options obfuscating and weaponizing the payload
* --dll-export=sc_main --dll-run-shellcode-from-dll-export are necessary to run the DLL
==== Here is the MacroPack Pro command line equivalent to the selected GUI options ====
Option details:
* The -G option is there to generate a new payload
* --template=EMBED_RUN MacroPack Pro template to drop and run an embeded executable, dll, or script
* --lnk-run-method option is used to select how the LNK works
* --bat-embed-method is used to select the method used to drop the embeded DLL
* -e option to select the generated dll as input file
=========================================================================
MacroPack Pro and ShellcodePack are commercial tool for professional pentesters and redteamers.
Mythic is a cross-platform, modular, redteaming open source C2 framework.
MacroPack Pro implements advanced LNK generation features. Including multiple options and customization possibilities.
In this demo, we use Mythic C2 with merlin agent as our second stage.
This video demonstrates the next features:
- Weaponized shellcode loader DLL generated by ShellcodePack
- Generation of LNK dropping and running the DLL with MacroPack Pro
- LNK with advanced evasive method (no use of Powershell, VBscript, Certutil, etc)
- PDF icon spoofing
- Compatibility with Mythic C2 Framework
- Bypass of Defender Antivirus (note this scenario was successfully tested on multiple Antivirus and EDRs)
==== Prerequisite ====
As a prerequisite. You need to setup a Mythic C2 environment.
Warning: Mythic takes 20 Giga Bytes of disk space.
==== Here is the ShellcodePack command line used to generate the dropped DLL ====
Option details:
* -i option to pass the raw shellcode we want
* The -G option is there to generate a new payload (a DLL file).
* --bypass option automatically expands into multiple options obfuscating and weaponizing the payload
* --dll-export=sc_main --dll-run-shellcode-from-dll-export are necessary to run the DLL
==== Here is the MacroPack Pro command line equivalent to the selected GUI options ====
Option details:
* The -G option is there to generate a new payload
* --template=EMBED_RUN MacroPack Pro template to drop and run an embeded executable, dll, or script
* --lnk-run-method option is used to select how the LNK works
* --bat-embed-method is used to select the method used to drop the embeded DLL
* -e option to select the generated dll as input file
=========================================================================
MacroPack Pro and ShellcodePack are commercial tool for professional pentesters and redteamers.
Mythic is a cross-platform, modular, redteaming open source C2 framework.
0:03:30
Redteam: Generate evasive LNK dropping Mythic implant DLL with MacroPack Pro
0:53:46
DEF CON Safe Mode Red Team Village - Gabriel Ryan - dropengine Malleable Payload Creation Framework
0:00:34
Redteam: Generate an obfuscated HTA carrying Meterpreter shellcode with MacroPack Pro
0:01:11
Redteam: Use MacroPack Pro to generate a persistent VBA Excel shellcode launcher
1:09:46
RedTeam Tricks Exposed - Reversing Engineering Syscalls To Evade Detection
0:19:00
How Hackers Use netsh.exe For Persistence & Code Execution (Sliver C2)
0:01:20
Redteam: Word VBA inject shellcode and bypass antivirus using MacroPack Pro
0:32:07
Red Team - Powershell Empire Custom Module - Compromising a Jenkins Pod and Control Pane node
0:18:50
Ironcat Malware Episode 2 - String Based Detection Evasion
0:24:47
Windows Red Team Lateral Movement Techniques - PsExec & RDP
0:59:36
Learning by Doing: Building and Breaking a Machine Learning System -- Johann Rehberger
1:00:09
JawnCon0x1 - Max Covey - Developing Highly Evasive Malware
0:54:22
Linux Red Team Persistence Techniques - SSH Keys, Web Shells & Cron Jobs
0:58:55
Offensive Ops In macOS Environments - by Cedric Owens
0:47:26
Dimitry Snezhkov - Zombie Ant Farm Practical Tips for Playing Hide and Seek - DEF CON 27 Conference
0:50:44
Defeating EDRs using Dynamic invocation by Jean-Francois Maes
0:19:05
'Living Off The Land' Binaries - Part-2 | Red Team Operations //Perumal Jegan
0:29:06
Advanced Threat Tactics (1 of 9): Operations
0:50:26
Scaling Red Team Operations - by Sunny Neo
1:05:47
Red teaming: phishing attack techniques
0:18:33
Micro Emulation Plans: Making Adversary Emulation Accessible
0:47:52
MITRE ATT&CK: The Play at Home Edition
0:51:38
Thinking Like an Attacker: An Introduction to Red Team Security
0:00:45
Redteam: Excel 4.0 macro (XLM) dropper payload using MacroPack Pro
Комментарии