This way your beacon will only call home ONLY when you want it to call home. The beacon will enter a sleep state until an email with a given word (in subject or body) is provided. This is an implementation of an on-demand C2 using dotnet BOF. Most of the heavy lifting was done by wumb0in 4 ) On-demand C2 This one uses WMI events for lateral movement. 3 ) WMI Lateral Movement - Event Subscription This method uses the class Win32_Process. Similar concepts to the previous one, but an interesting learning experince. 2 ) WMI Lateral Movement - Win32_Process Create A short article can be about using COM objects in C can be found here. To use the current user, just leave the domain, username, and password empty. 1 ) DCOM Lateral MovementĪ quick PoC that uses DCOM (ShellWindows) via beacon object files for lateral movement.You can either specify credentials or use the current user.
0 kommentar(er)
