![]() ![]() ![]() The Windows Operating System is equipped with many out-of-the-box utilities to administer the system. We can then learn how these utilities collect such information, so that we can subsequently leverage these techniques in our red teaming tools. We will first explore which utilities are available for harvesting process information from a Windows computer. The tools (including source) can be found here: To be able to collect detailed process data from compromised end-points we wrote a collection of process tools which brings the power of these advanced process utilities to C2 frameworks (such as Cobalt Strike). Moreover, periodically polling process data allows us to react on changes within the environment or provide triggers when an investigation is taking place. Collecting and analysing data of running processes from compromised systems gives us a wealth of information and helps us to better understand how the IT landscape from a target organisation is setup. Having a good technical understanding of the systems we land on during an engagement is a key condition for deciding what is going to be the next step within an operation. In this blog post we are going to explore the power of well-known process monitoring utilities and demonstrate how the technology behind these tools can be used by Red Teams within offensive operations. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |