-
Ligolo-MP 2.0: automagic & GUI
It’s been over a year since I released the original Ligolo-MP and, despite being quirky and very specialized, it has proven its worth for quite a lot of people. With this next iteration, the main goals were to remove the complex setup, simplify usage and give operators better overall visibility of the network. If you’ve missed out on the origi...
-
SiphonDNS: covert data exfiltration via DNS
When you end up in a more strictly controlled environment, HTTP and DNS are likely the only protocols allowed to go outside. Furthermore, you can bet on both being proxied and highly monitored. This time, I’ll focus on some opportunities to hide traffic within DNS that does not trigger traditional subdomain-based anomaly detection. Now, this is...
-
Releasing Ligolo-MP!
When it comes to pivoting, your trusty C2’s SOCKS chains are the usual choice, but they are a pain in the ass, especially when you don’t need stealth. Until recently, I mostly used Chisel in such instances. I’ve also played around with tun2socks on top of all that, and it’s alright, but it’s a bit wonky and takes too much effort to set up and ...
-
Releasing ActiveMaim!
A few months ago JPCERT/CC released a “new” technique they had encountered, where Bad Guys generated a DOC/PDF polyglot to bypass VBA detection. I’ve put “new” in quotes only because veterans definitely remember exactly the same technique being used as early as 2014-2015. Well, maybe the novelty here is that the Baddies figured out how good of a poly...
-
Abusing the cloud: poor man's phishing infrastructure
There are numerous threat intel reports mentioning abuse of public cloud infrastructure by different groups and individuals. What I want to explore here is how viable this is today and, most importantly, whether I can do it completely anonymously while spending exactly 0 money. In this writeup I’ll focus on building simple phishing infrastructure. Prefer...