blueteamsec

572 readers

7 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago

MODERATORS

digicat@infosec.pub

When adversaries bring their own virtual machine for persistence (redcanary.com)

submitted 6 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub

1 comments fedilink hide all child comments

top 1 comments

sorted by: hot top controversial new old

[–] moonpiedumplings@programming.dev 2 points 6 days ago* (last edited 6 days ago)

Lmao. They gave a windows vm 4 gigs of ram for this. Wtf.

There is no way this is better than fileless persistence, although this seems easier to execute.

But why not a Linux vm?

Why not an obfuscated binary?

I admire the laziness though.

permalink
fedilink
source