Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data.
Nemesis was created by Lee Chagolla-Christensen and Will Schroeder, both security researchers at SpecterOps.
Knowledge about offensive tradecraft is difficult to scale due to the rapid pace at which new techniques are released, the vast array of technologies companies use, and the time requirements to learn about new tradecraft.
Offensive data is not unified: it's siloed inside specific tools and machines rather than being modeled and analyzed holistically.
File and tool output triaging is inconsistent due to differing levels of experience, training, knowledge, tedium, and time constraints.
Chagolla-Christensen told us that Nemesis aggregates data from several C2 platforms to a central location, where it then analyzes and enriches the data and provides collaborative UI interfaces for it.
Document processing: Converts all documents to a PDF accessible in a browser, extracts text from the documents and makes them searchable, scans all the text in all documents/files for credentials, and attempts to crack password-protected documents.
Software vulnerability analysis: Extracts and stores common features from executable files, decompiles .NET executables for potential vulnerabilities, and indexes source code so it is easily searchable/viewable.
Automatic decryption of sensitive data: Scans all files for data encrypted using the Windows Data Protection API, tracks and cracks cryptographic keys used to protect this data, and automatically decrypts the data to reveal the sensitive data.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Tue, 12 Dec 2023 05:58:11 +0000