CTO @scythe_io 🦄 #RedTeam #C2Matrix | #PenTest & #PurpleTeam Framework | Certified SANS Instructor & Author of #SEC564 | #CVSS #EPSS | ISSA & NSI Fellow
Apr 30, 2021 • 10 tweets • 8 min read
🧵on stealing TeamViewer credentials
Many organizations have systems with TeamViewer actively running; some know it and manage it correctly, other have no idea it is running or where. The latter probably have multiple versions #redteam#blueteam#purpleteam#ThreatThursday 1/10
I started looking deeper into TeamViewer when @snlyngaas reported that a Florida water facility had been breached. A malicious actor used TeamViewer to login and change the levels of sodium hydroxide. The plant operator say this and no damage was done cyberscoop.com/florida-water-… 2/10
Aug 16, 2020 • 6 tweets • 2 min read
Reading the NSA and FBI report of Russian GRU 85th GTsSS using the Linux based Drovorub Malware. What stands out to me the most (so far) is the kernel level rootkit (stealth capabilities). All the other features seem pretty simple to emulate for Linux.
media.defense.gov/2020/Aug/13/20…
There are 4 modules: server, client, kernel-module, and agent. I like how they differentiate between client and agent where the agent does not include the kernel-module and is more for relaying and data staging. The server uses MySQL back-end, similar to other C2 frameworks.