Category: <span>persistence</span>

Adding DCSync Permissions from Linux

January 19, 2022
PentestingpersistencePost Exploitation
0 Comment

Recently I came upon an attack path in BloodHound that looked like this: I had control of a computer object (an Exchange server) that effectively had WriteDacl over the domain. I had a few constraints as well: All systems were configured with EDR I only had the AES key of the computer account, not the…

Read More

Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel

June 19, 2019
PentestingpersistencePost ExploitationResearch
0 Comment

As a penetration tester at Coalfire Labs, I frequently use exploitation frameworks such as Metasploit or PowerShell Empire to perform post-exploitation actions on compromised endpoints. While anti-virus (AV) bypass and detection avoidance is often trivial in all but the most mature environments, detections from AV have caused me to look toward custom tooling to mitigate…

Read More

Removing Backdoors – Powershell Empire Edition

January 30, 2017
DefenseIncident Responsepersistence
0 Comment

                  I’m a big fan of Powershell Empire for penetration testing.   If you haven’t heard of it, it is a post-exploitation framework which uses powershell agents to run post-exploitation scripts on a target system.  This blog post is meant to address a small subset of the…

Read More

Using email for persistence on OS X

October 28, 2016
OSXpersistencePost ExploitationResearch
0 Comment

In this post we will cover how we can use Mail.app on OS X to persist.  I was inspired by similar tools which are designed to work with Microsoft Outlook.  I first stumbled upon this article from MWR InfoSecurity, and then this blog post from Silent Break Security.  While rules in Mail.app will not replicate…

Read More