UAT-8837 targets critical infrastructure sectors in North America

Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat APT actor based on overlaps in tactics, techniques, and procedures TTPs with those of other known China-nexus threat actors. Based on UAT-8837's TTPs and...

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure

U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. "Structured as a ransomware as a...

GoodHound - Uses Sharphound, Bloodhound And Neo4j To Produce An Actionable List Of Attack Paths For Targeted Remediation

Attackers think in graphs, defenders think in actions, management think in charts. GoodHound operationalises Bloodhound by determining the busiest paths to high value targets and creating actionable output to prioritise remediation of attack paths. Usage Quick Start For a very quick start with mo...

Detection evasion in CLR and tips on how to detect such attacks

In terms of costs, the age-old battle that pits attacker versus defender has become very one sided in recent years. Almost all modern attacks and ethical offensive exercises use Mimikatz, SharpHound, SeatBelt, Rubeus, GhostPack and other toolsets available to the community. This so-called...

WinPwn - Automation For Internal Windows Penetrationtest

In many past internal penetration tests I often had problems with the existing Powershell Recon / Exploitation scripts due to missing proxy support. For this reason I wrote my own script with automatic proxy recognition and integration. The script is mostly based on well-known large other offensi...

BloodHound Ingestor

This module will execute the BloodHound C Ingestor aka SharpHound to gather sessions, local admin, domain trusts and more. With this information BloodHound will easily identify highly complex attack paths that would otherwise be impossible to quickly identify within an Active Directory environmen...

Active Directory Privilege Relationships: BloodHound

BloodHound is a single page Javascript web application, built on top of Linkurious , compiled with Electron , with a Neo4j database fed by a PowerShell ingestor . BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attacks c...