DNSCat2 Using Azure & GoDaddy

C2 Covert Channels

Today we’re exploring the world of obscure C2 channels, specifically DNS covert channels. Attackers know that DNS is widely used and trusted. Furthermore, because DNS is not intended for data transfer, many organisations don’t monitor their DNS traffic for malicious activity. As a result, several types of DNS-based attack can be effective when launched against company networks. DNS tunnelling is one such attack.


PetitPotam + AD-CS + Rubeus

Summary Of The Attack:

  • Get the DC machine account to connect back to you while you have an NTLM relay set up
  • Use the NTLM relay to connect to the certificate services (AD CS) server and obtain a certificate in the context of the DC's machine account
  • As a standard domain user, use Rubeus to request a TGT with the certificate obtained for the DC's machine account
  • Dump the hashes using Mimikatz via a DCSync attack with the Kerberos ticket imported

Metadata & Hidden Information Within Documents [FOCA] (Repost)

Document metadata is information attached to a file that may not be visible on the face of the document; documents may also contain supporting elements such as graphic images, photographs, tables and charts, each of which can have its own metadata. Metadata summarises basic information about data, which can make finding and working with particular instances of data easier. Being able to filter on that metadata makes it much easier for someone to locate a specific document or other data asset in a variety of ways.
