PoolParty Process Injections, SysJoker, NetSupport RAT, & More: Hacker's Playbook Threat Coverage Round-up: December 2023

In this edition of the Hacker's Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including those based on original research conducted by SafeBreach Labs.
SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker's Playbook to ensure coverage against these advanced threats.
Additional details about the threats and our coverage can be seen below.
SafeBreach Labs researchers recently developed a brand-new set of process injection techniques that can completely bypass the defenses of several leading EDR tools.
By using Windows thread pools as a novel attack vector, they were able to trigger malicious execution as the result of a completely legitimate action.
This research was first presented at Black Hat Europe 2023 in December 2023.
The SafeBreach platform has been updated with the following attacks to ensure our customers can validate their EDR tools against techniques discovered in this original research.
SysJoker is a stealthy Windows, Linux, and macOS malware written in C++ that was first discovered by threat researchers at Intezer in December 2021.
VMware researchers have observed a recent uptick in attacks involving the NetSupport RAT, primarily targeting entities in the government, education, and business sectors.
It's important to note that the NetSupport RAT, once installed, is very robust and powerful, and threat actors can leverage it in any way they see fit.
Threat researchers from Qualys recently came across a new version of an existing ransomware family pretending to be VX-Underground.
Threat researchers frequently use this open-source community to obtain malware samples and code that their peers around the world share.
A Golden Ticket attack is a cyber attack that gives the attacker almost unlimited access to an organizational domain by exploiting weaknesses in the Kerberos authentication protocol.
By targeting the user data stored in Active Directory, the attacker can gain access to the organization's devices, files, domain controllers, and more.
Using a golden ticket, adversaries are then able to request ticket-granting service (TGS) tickets, which enable access to specific resources.
SafeBreach's Golden Ticket attack simulation starts with a DCSync attack to retrieve the hash of the KRBTGT account.
Once the hash is retrieved, the simulation forges a golden ticket and injects it into the running user's session by using a pass-the-ticket attack.
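The DCSync step at the start of that simulation is also the step defenders can see most reliably in telemetry: a DCSync request shows up as a directory replication request (Security Event ID 4662 carrying the DS-Replication-Get-Changes extended rights) from an account that is not a domain controller. The following Python script is an illustration added to this round-up, not code from SafeBreach's platform or Hacker's Playbook. It assumes the Security events have been exported as JSON lines with the field names shown below; the sample records, the CORP domain, and the DC01$ and jdoe account names are constructed for the example.

```python
import json
import re

# Extended rights that authorize pulling directory data, including account
# secrets, through replication. A DCSync request needs these, so a request
# carrying them from a non-DC principal is the signal. These GUIDs are
# Active Directory constants, not values specific to any environment.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}

CONTROL_ACCESS = 0x100  # ADS_RIGHT_DS_CONTROL_ACCESS bit in the 4662 AccessMask

GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.IGNORECASE)

# Constructed sample telemetry (JSON lines). Field names follow the Security
# log's 4662 event data; the domain and accounts are invented for the example.
# Record 1: a real DC replicating (expected). Record 2: a user account asking
# for replication rights (DCSync-like). Records 3 and 4: unrelated noise.
SAMPLE_EVENTS = """\
{"EventID": 4662, "SubjectDomainName": "CORP", "SubjectUserName": "DC01$", "AccessMask": "0x100", "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"}
{"EventID": 4662, "SubjectDomainName": "CORP", "SubjectUserName": "jdoe", "AccessMask": "0x100", "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"}
{"EventID": 4662, "SubjectDomainName": "CORP", "SubjectUserName": "jdoe", "AccessMask": "0x10", "Properties": "{bf967a86-0de6-11d0-a285-00aa003049e2}"}
{"EventID": 4624, "SubjectDomainName": "CORP", "SubjectUserName": "jdoe"}
"""


def parse_events(text):
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def replication_rights(properties):
    """Return the names of replication rights referenced in a 4662 Properties field."""
    found = []
    for guid in GUID_RE.findall(properties or ""):
        name = REPLICATION_RIGHTS.get(guid.lower())
        if name:
            found.append(name)
    return found


def find_dcsync_candidates(events, known_dc_accounts):
    """Return one finding per replication request made by a non-DC principal.

    known_dc_accounts: set of "DOMAIN\\NAME$" strings for legitimate domain
    controllers (plus any other principal with a sanctioned replication role,
    such as a directory-sync service account). Comparison is case-insensitive.
    """
    allowed = {a.upper() for a in known_dc_accounts}
    hits = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        try:
            mask = int(str(ev.get("AccessMask", "0")), 16)
        except ValueError:
            continue  # malformed mask: not a control-access request we can judge
        if not mask & CONTROL_ACCESS:
            continue
        rights = replication_rights(ev.get("Properties"))
        if not rights:
            continue
        subject = f"{ev.get('SubjectDomainName', '')}\\{ev.get('SubjectUserName', '')}"
        if subject.upper() in allowed:
            continue
        hits.append({
            "subject": subject,
            "rights": rights,
            # Get-Changes-All is the right that permits pulling secrets such as
            # the KRBTGT hash, so its presence raises the severity.
            "severity": "high" if "DS-Replication-Get-Changes-All" in rights else "medium",
        })
    return hits


if __name__ == "__main__":
    for hit in find_dcsync_candidates(parse_events(SAMPLE_EVENTS), {"CORP\\DC01$"}):
        print(hit)
```

Running the script against the constructed sample reports only the jdoe request. In a real environment, the allowlist should be built from the domain controllers OU rather than typed by hand, and the 4662 audit subcategory (Directory Service Access) must be enabled on the domain controllers for these events to exist at all; without that audit policy, the DCSync step of the simulation leaves no trace in the Security log.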
Training: Understand the methodology around ransomware attacks, persistent threats, and malware attacks.
Attack Scenario: Run safe-by-design, real-world ransomware attacks across the cyber kill chain on a single device of your choice.
Empower your team to understand more about ransomware attacks, methodologies, and behaviors, all through the lens of the attacker.


This Cyber News was published on securityboulevard.com. Publication date: Thu, 28 Dec 2023 12:43:04 +0000

