command and control Archives - LRQA Nettitude Labs

Creating an IR Nightmare Drop Box

A common objective of physical assessments is placement of a drop box to establish communication out of the network environment. A few years ago, the choices were limited to NUC or a Raspberry [...]

By Patrick Matthews|2023-04-21T08:59:37+00:00April 21, 2023|

Introducing SharpWSUS

Today, we're releasing a new tool called SharpWSUS. This is a continuation of existing WSUS attack tooling such as WSUSPendu and Thunder_Woosus. It brings their complete functionality to .NET, in a way that [...]

By Phil Keeble|2022-05-05T12:10:08+00:00May 5, 2022|

Introducing MalSCCM

During red team operations the goal is often to compromise a system of high value. These systems will ideally be segmented from the wider network and locked down to prevent compromise. However, the [...]

By Phil Keeble|2022-05-04T14:19:14+00:00May 4, 2022|

Introducing PoshC2 v8.0

We're thrilled to announce a new release of PoshC2 packed full of new features, modules, major improvements, and bug fixes. This includes the introduction of a brand-new native Linux implant and the capability [...]

By Charley Celice, Joel Snape, Rob Bone|2022-03-30T15:43:37+00:00March 30, 2022|

Introducing RunOF – Arbitrary BOF tool

A few years ago, a new feature was added to Cobalt Strike called “Beacon Object Files” (BOFs). These provide a way to extend a beacon agent post-exploitation with new features, perhaps to respond [...]

By Joel Snape|2022-03-09T15:48:37+00:00March 2, 2022|

PoshC2 – Introducing Native macOS Implants

Over the past few years, we have seen an increase in the number of macOS environments we are asked to assess. While PoshC2 has “supported” macOS by way of Python since the very [...]

By Kirk Hayes|2021-04-14T19:31:47+00:00April 14, 2021|

Introducing PoshC2 v7.0

There have been some big improvements and new features added to PoshC2 and we're excited to announce the release of PoshC2 v7.0. More and more people have started contributing to the project and [...]

By Ben Turner and Doug McLeod and Rob Bone|2020-12-07T22:15:41+00:00August 20, 2020|

Detecting PoshC2 – Indicators of Compromise

As a counterpart to the release of PoshC2 version 6.0 we are providing a list of some of its Indicators of Compromise (IoCs), particularly as used out-of-the-box, as well as some other effective methods [...]

By Rob Bone|2020-12-07T22:26:19+00:00June 17, 2020|

Introducing PoshC2 v6.0

We are pleased to release the latest version of PoshC2 - v6.0. Version 6.0 includes a number of significant and exciting features, in addition to the usual plethora of bug fixes and small [...]

By Rob Bone and Ben Turner|2020-12-18T23:18:43+00:00May 18, 2020|

Introducing PoshC2 v5.0

PoshC2 v5.0 is here and there are significant changes and improvements that we’re very excited to reveal! There's been a move to Python3, much improved documentation, significant functionality and quality of life improvements, [...]

By Rob Bone|2021-01-07T19:09:54+00:00November 12, 2019|