this post was submitted on 15 Dec 2025

blueteamsec


For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

moonpiedumplings@programming.dev 2 points 6 days ago* (last edited 6 days ago)

Lmao. They gave a Windows VM 4 gigs of RAM for this. Wtf.

There is no way this is better than fileless persistence, although this seems easier to execute.

But why not a Linux VM?

Why not an obfuscated binary?

I admire the laziness though.