thrilla_killa (Author) Posted June 15, 2018

I get that as well. Trust me, I completely know and understand how to strengthen security. That is my Blue Team's job. On the Red Team, my goal is to emulate threat actors and processes. In this case, again, very generic attacks were undetected at the client level. Other segments using other solutions detected these items and stopped them during or before runtime.
itman Posted June 15, 2018

I am going to make one final comment, and it's in regard to Metasploit. Its legitimate use is to find system vulnerabilities. It's used illegitimately by attackers to exploit those vulnerabilities. It is universally agreed upon in the security community that one's best protection against being exploited is to apply all OS and software patches as soon as they are made available. There will always be software vulnerabilities and a 0-day to exploit an unknown one. Thankfully these are a rare occurrence, as evidenced by their $100K-plus price tag on the dark web.

GitHub has a good article on Metasploit here: https://github.com/rapid7/metasploit-framework/wiki/How-to-use-a-Metasploit-module-appropriately

Quote: "What conditions the server must meet in order to be exploitable: Quite often, a vulnerability requires multiple conditions to be exploitable. In some cases you can rely on the exploit's check command, because when Metasploit flags something as vulnerable, it actually exploited the bug."

As far as Next Gen protection against a 0-day exploit, I say it is no better than conventional AV solutions. This is simply because their AI engines have not been sufficiently "tuned" to recognize the new behavior being used. However, there are solutions like Cylance that will throw alerts on anything it hasn't seen run before, regardless of whether the behavior is malicious or not. Even a whitelisting anti-exec solution isn't 100% effective, since a trusted "forgotten" system utility process can be deployed, as recent attack history has illustrated.
thrilla_killa (Author) Posted June 15, 2018

Metasploit was not used to exploit vulnerabilities. Neither was the Metasploit "check" module. MSFVenom was used to compile payloads. The payload was not Meterpreter; it was a reverse TCP shell that could be caught by netcat (nc).
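The kind of generic reverse TCP shell the poster describes leaves a recognisable host-side footprint: a shell process whose stdin, stdout and stderr have all been redirected onto one and the same network socket, which is exactly what a blue team can look for on an endpoint independently of any AV signature. The following is an added example written for this thread, not code from either poster or from any product named here; it assumes a Linux host with a procfs-style view of file descriptors and uses a constructed process list so the check can be exercised offline.

```python
import os
import re
from dataclasses import dataclass

# Shell binaries that a generic reverse-shell payload typically execs.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
# Link target of /proc/<pid>/fd/<n> when the descriptor is a socket.
SOCKET_RE = re.compile(r"^socket:\[\d+\]$")


@dataclass
class Proc:
    pid: int
    comm: str            # process name as read from /proc/<pid>/comm
    stdio: dict          # fd number (0, 1, 2) -> readlink target of that fd


def is_reverse_shell_candidate(p: Proc) -> bool:
    """A shell whose stdin, stdout and stderr are the same socket is the
    classic dup2()+execve() pattern of a reverse TCP shell.  Note the
    false-positive caveat: a shell legitimately spawned by a socket-
    activated service (inetd style) looks the same and must be allow-listed."""
    if p.comm not in SHELLS:
        return False
    targets = [p.stdio.get(fd) for fd in (0, 1, 2)]
    if not all(targets):
        return False
    return all(SOCKET_RE.match(t) for t in targets) and len(set(targets)) == 1


def collect_procs(proc_root: str = "/proc") -> list:
    """Read live process data from procfs (needs root to see other users' fds)."""
    procs = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        stdio = {}
        try:
            with open(f"{proc_root}/{name}/comm") as fh:
                comm = fh.read().strip()
            for fd in (0, 1, 2):
                stdio[fd] = os.readlink(f"{proc_root}/{name}/fd/{fd}")
        except OSError:
            continue          # process exited or fd closed; skip it
        procs.append(Proc(int(name), comm, stdio))
    return procs


def find_reverse_shells(procs: list) -> list:
    return [p.pid for p in procs if is_reverse_shell_candidate(p)]


# Constructed sample: an interactive shell on a pty, a daemon with a socket
# only on stdout, and a shell with all three stdio fds on one socket.
SAMPLE_PROCS = [
    Proc(1200, "bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    Proc(1310, "nginx", {0: "/dev/null", 1: "socket:[41002]", 2: "/dev/null"}),
    Proc(1422, "sh", {0: "socket:[55017]", 1: "socket:[55017]", 2: "socket:[55017]"}),
]
```

Run `find_reverse_shells(collect_procs())` from a periodic job or an EDR script hook to sweep a live host; the sample list exists only to show what a hit looks like.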
thrilla_killa (Author) Posted June 19, 2018

Mods, you can do away with this thread and close it. In the end: Generic Payloads: 1; Detections: 0