Setting up a free & anonymous phishing infrastructure in the cloud: link
TTP Report
Abusing the cloud: poor man’s phishing infrastructure
There are numerous threat intel reports mentioning abuse of public cloud infrastructure by different groups and individuals. What I want to explore here is how viable this is today and, most importantly, can I do it absolutely anonymously and spending exactly…
Releasing ActiveMaim! A new(er) way to evade detection of your VBA macros: link
TTP Report
Releasing ActiveMaim!
A few months ago JPCERT/CC released a “new” technique they’ve encountered, where Bad Guys generated a DOC/PDF polyglot to bypass VBA detection. I’ve put “new” in quotes just because veterans definitely remember exactly the same technique being used as early…
Releasing Ligolo-mp! Convenient pivoting, now with multiplayer: link
TTP Report
Releasing Ligolo-MP!
When it comes to pivoting, your trusty C2’s socks chains are the usual choice, but they are a pain in the ass, especially when you don’t need stealth. Until recently, I’ve mostly used Chisel in such instances, I’ve also played around with tun2socks on top…
SiphonDNS: covert data exfiltration via DNS: link
TTP Report
SiphonDNS: covert data exfiltration via DNS
When you end up in a more strictly controlled environment, HTTP and DNS are likely the only protocols allowed to go outside. Furthermore, you can bet on both being proxied and highly monitored. This time, I’ll focus on some opportunities to hide traffic within…
Ligolo-MP 2.0: automagic & GUI: link
TTP Report
Ligolo-MP 2.0: automagic & GUI
It’s been over a year since I released the original Ligolo-MP and despite being quirky and very specialized, it has proven its worth for quite a lot of people. Now, with the next iteration, the main goal was to remove complex setup, simplify usage and increase…
It's been a while since the last post and more research & tools are coming soon, but in the meantime, Ligolo-MP 2.1 is finally out: link
It now supports intersecting routes and metrics to quickly carve out these pesky small VLANs without redoing every route. You can also move routes between sessions and edit routes in-place now too. And for easier debugging of the routing scheme you end up with, there's now an internal tracerouting tool.
Your feedback and bug reports are highly appreciated!
GitHub
Release v2.1.0 · ttpreport/ligolo-mp
Changelog
Intersecting routes support
Internal traceroute support
Route prioritization (metrics) support
Moving routes feature
Editing routes feature
Minor bug fixes
