HackerTrans
TopNewTrendsCommentsPastAskShowJobs

MrMrtn

no profile record

comments

MrMrtn
·vor 3 Jahren·discuss
> So it seems like a catalogue of (possible?) exploits in commonly-available executables, libraries and scripts that may already be present on a target machine

That is pretty correct, but it is not necessarily an exploit or vulnerability in the binary. More often than not, it is a quirk or a way to use the binary which is unknown/uncommon, but might not appear on a defenders' radar.

We generally try to (ab)use functionality in pre-existing software to avoid security mechanisms (like AppLocker) and detections (like AV/EDR, or rules created by a SOC when analysing execution logs in a SIEM). Often we discover that a target computer has been hardened in some form or fashion, and we have to get "creative" when trying to download, execute or exfiltrate data during security assessments.
MrMrtn
·vor 5 Jahren·discuss
For those of us working incident response, it is exactly what is keeping us up at night these days