Sliver 2/4🐍
By reading this you accept that I do not accept responsibility for how you use this guide / tool, and it should be used for educational purposes only.
Intro
We will dive into delivery 📦.
Thinking about OPSEC, we will pivot away from using a session implant and use a beacon instead.
generate beacon --mtls example.com
We will look into the Armory and choose tools to run using our beacon implant. We will use the Armory in the future as well when we discuss priv. escalation, exfiltration, & other red teaming techniques.
This is a continuation of my first blog post about Sliver, where we discussed how Microsoft security applications such as Defender and Microsoft Defender SmartScreen blocked the ability to dl implants onto our lab laptop victim machine. In order to solve this issue, we will look into The Red Teaming Toolkit and utilize tools within this kit to see if we can solve this issue.
Delivery
After looking into The Red Teaming Toolkit, I decided to list a few different tools that could be used for delivery of our executable. The Red Teaming Toolkit imo is a great toolkit filled with open source tools any red team could utilize. A few of the tools are below.
- ScareCrow — Payload creation framework designed around EDR bypass.
- ProtectMyTooling — Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry.
- macro_pack — Used to automatize obfuscation and generation of MS Office documents.
- EvilClippy — A cross-platform assistant for creating malicious MS Office documents.
The Armory allows you to automatically install various 3rd party tools. In this case we will install two bundles, one being the window-bypass bundle, the other being the window-credentials bundle.