Attack Tool(s): Metasploit, PowerShell, ShimGenerator, sdb-explorer, Atomic Red Team (ART)
- Metasploit: https://www.metasploit.com
- PowerShell: Native Windows tool.
- ShimGenerator: https://github.com/mandiant/ShimGenerator
- sdb-explorer: https://github.com/mandiant/sdb-explorer
- ART: https://github.com/redcanaryco/atomic-red-team
Detection Link(s):
- Endpoint Security Protection Analysis
- Endpoint Security
- Memory Analysis
Helpful Blogs (BHIS):
- “Backdoors & Breaches: Logon Scripts” – https://www.blackhillsinfosec.com/backdoors-breaches-logon-scripts – Persistence context.
