Powershell-RAT and Python-Rootkit

0x01 Preface

Powershell-RAT: a Python-based backdoor that uses Gmail to exfiltrate data as an e-mail attachment

Python-Rootkit: a Python Remote Administration Tool (RAT) used to obtain a Meterpreter session

A brief analysis of AutoSploit

• Part 1: obtaining target IPs via Shodan
        import shodan                          # official Shodan client library
        api = shodan.Shodan(SHODAN_API_KEY)    # SHODAN_API_KEY holds the user's API key


ICMP tunnelling

0x01 What is ICMP

ICMP is the Internet Control Message Protocol. Because IP is not a reliable protocol and does not guarantee that data is delivered successfully, a separate mechanism is needed to report on delivery: the ICMP (Internet Control Message) protocol module. It carries error messages and other information that needs attention, and is frequently used by the IP layer or by higher-layer protocols (TCP or UDP). For this reason it is usually regarded as an integral part of the IP layer.


[Stages of APT]DATA EXFILTRATION

After successful asset discovery, adversaries try to exfiltrate data from the compromised network. In many cases the initial C&C server is used as the drop-off point; however, other systems and technologies might be involved [1]. The actual approach to exfiltration depends on the APT group's tactics, the amount of data and other circumstances.

[Stages of APT]ASSET DISCOVERY

In most cases the goal of an APT campaign is the theft of intellectual property or confidential information [1], or access to specific systems within the target organization's network. For example, adversaries usually target patented technologies, diplomatic information, or access to the computers of researchers and executives in order to monitor their activity. Because the asset of interest is usually in digital form, the theft is hard to detect, which allows the adversaries to commit the crime without being noticed.