Light

nfttkcauzy / apt-attack-simulation Goto Github PK

View Code? Open in Web Editor NEW

This project forked from 0xhossam/apt-attack-simulation

0.0 0.0 0.0 817 KB

A APT Attack Simulation for APT 29 & Lockbit

C++ 12.99% Python 7.93% C 8.35% C# 2.91% PowerShell 3.03% HTML 64.79%

apt-attack-simulation's Introduction

APT-Attack-Simulation

A APT Attack Simulation for APT 29 & Lockbit

Authors

Abdulrhman Mohammed => https://github.com/de3vil
Abdallah Mohammed => https://github.com/abdallah-elsharif/
Hossam Ehab => https://github.com/0xHossam

How does it works!

The attack contains main three stages

First Stage:

The attack begins with an email that contains a specially crafted HTML page that includes a malicious code. Upon opening the malicious page, an ISO file is downloaded that contains the malicious files.
The malicious file performs two actions

Drops an ISO file (Second Stage)
Sends a request to a malicious SMB server controlled by the attackers to steal the user's NTLM Hash for lateral spread.

Second Stage

The ISO file is opened and contains a forged lnk file that appears to be a PDF file from its icon, but it actually points to an exe file. When the exe file is executed, it opens the PDF file.
Upon execution of the malicious exe file, the PDF file is also executed. DLL and bin files are loaded, a registry key is added for persistence, and the DLL runs During this stage.
At this point, the attacker enables UAC bypass, gains system administrator privileges, hijack Windows Defender, and loads the malicious DLL instead of the original file. This allows the attacker to invisibly direct the malicious functions on the victim's machine, download more malware, and achieve system persistence.

Third Stage

Third stage

The DLL acts as a Loader to read the encrypted bin file and decrypt it in memory and try to hide from detection and run.

apt-attack-simulation's People

Contributors

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.