Offensive Security Research

Remotely Accessible Ludus Ranges

Ludus has been terrific for quickly setting up comprehensive environments for testing security tools, C2 frameworks and any custom-developed tool. However, quite often I wasn’t able to use the environment because I wasn’t at home at the time or was working on a different machine. Therefore, I looked into making my Ludus ranges available remotely. I strongly dislike opening up any ports on my home network, and I am not always able to have outbound VPN traffic.



An Operator's Guide to Beacon Object Files

Beacon object files (BOFs) are the new method for conducting post-exploitation activities on compromised systems. BOFs are more OPSEC-friendly than the previously popular fork-and-run tradecraft. This blog aims to provide the necessary tools and knowledge to start incorporating BOFs into your hacking toolkit. This guide is aimed at experienced penetration testers who want to get an understanding of BOFs and their benefits. I will cover the following topics:



Tool Release: Malware Development Lab

Crafting truly artisanal and tailor-made malware requires a good development and testing setup. Over the last few years I have repeatedly installed and configured testing labs containing Windows virtual machines to write code, test tools or experiment with Active Directory. I have gratefully made use of the evaluation license offered by Microsoft for my lab setup. Unfortunately, it expires after 90 days, thus blessing you with the pleasure of experiencing the installation and configuration process once more.



NimPlant: Sweet Dreams

NimPlant is a lightweight first-stage Command & Control (C2) implant written in the Nim programming language. The NimPlant repository on GitHub has an open issue indicating that the current sleep obfuscation implementation does not work for the DLL and shellcode payloads. I have recently taken the Malware Development courses from Sektor7 and decided to put the theory into practice by fixing the current sleep obfuscation implementation. This post documents the steps I have taken to troubleshoot and implement sleep obfuscation for the DLL and shellcode payloads.
