
Tag: Red Team

A Real World Adversary Labs

Server Software Component: Web Shell [T1505.003]

An attacker escalates privileges or maintains persistent access on an already compromised web application using malicious scripts called web shells. A web shell is used in the post-exploitation phase, as a web shell by itself cannot attack or exploit a remote vulnerability. An attacker may take advantage of common web application vulnerabilities such as SQL injection, remote file…

Event Triggered Execution: AppInit DLLs [T1546.010]

What is an AppInit DLL? It is a mechanism that allows a custom list of DLLs to be loaded into the address space of each user-mode process on the system. This helps attackers achieve persistence, as the DLL is loaded and executes code whenever application processes are created on the system. But it is to be…

MITRE Shield

Understanding the increasingly complex threats faced by industrial and critical infrastructure organizations is not a simple task. It has always been a great question: how do you know that you are secure? MITRE has been diligently working to document tactics and techniques to actively defend against attacks and answer this very challenging question.…

Group Policy Modification (T1484)

What is a Group Policy Object (GPO)? A Group Policy Object (GPO) is a group of settings that can be used as a resource in a Microsoft operating system to control user accounts and user activity. The Group Policy Object is implemented in an Active Directory system and can be associated with a single or…

Scheduled Task/Job (T1053)

Overview: What are scheduled tasks? Scheduled tasks are containers that hold information about what should happen and at what time. In a nutshell, “scheduled tasks are events which occur at certain time intervals under specified conditions, like once an hour, once a day, once a fortnight, once a month”. For instance, one can set…

Command and Scripting Interpreter (T1059)

Overview: What is an interpreter? In computer science, an “interpreter is a computer program that executes the instructions present in a program or scripting language without the need to compile it beforehand, i.e. converting it into machine code or byte code.” There are a number of interpreted languages, such as Perl, Python, MATLAB, Lua and JavaScript. What are…

Inter Process Communication [T1559]

OVERVIEW Computers have evolved over the past decades; we can observe many changes in computer architecture and design, such as the tremendous evolution from the punch card to quantum computing. In this journey of evolution, many new technologies have replaced existing ones. Before we jump into the topic we…

Abusing System Services [T1569] to maintain persistence

OVERVIEW Before the period of automation, people spent their time on manual work such as checking for updates and monthly/weekly backups. With the evolution of system services, cron and launchctl brought a solution to this manual work, and this has been considered an evolution of automation. Even though these techniques will result in…

Email Security (T1566)

Email: Email, short for “electronic mail”, is one of the most widely used services among netizens, along with web services. It allows them to communicate across the world, sending messages to and from anyone with the help of known email addresses. It uses multiple TCP/IP protocols for its functionality, as mentioned below: SMTP: simple…


Introduction: In the past few years, browser-based exploitation has become one of the biggest security concerns among security professionals. It has become more difficult to implement detective and preventive measures against these types of attacks. Let us discuss an overview of drive-by compromise and brief information about a historical attack known as the Aurora exploit. Drive-by compromise is a technique…