Abusing DCOM For Yet Another Lateral Movement Technique

Free

This post discusses an alternate DCOM lateral movement discovery and payload execution method: locating DCOM registry keys/values that point to the path of a non-existing binary on the 'remote' machine. It provides an example method that may work if mobsync.exe is not in the default location on Windows 2008 R2 and Windows 2012 R2 systems.

ALTERNATIVES

A lightweight and portable Docker container for penetration testers and CTF players

Full-featured C2 framework for stealthy communication and control on web servers.

Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.

A DNS rebinding exploitation framework

Docker image with essential tools for Kubernetes penetration testing.

A proof-of-concept obfuscation toolkit for C# post-exploitation tools, designed to conceal malicious activities from detection.

A framework for exploiting Android-based devices and applications

Data exfiltration & infiltration tool using text-based steganography to evade security controls.
