all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Hunt-Sleeping-Beacons - Aims To Identify Sleeping Beacons

Add to bookmarks
June 18, 2022, 9:30 p.m. | noreply@blogger.com (Unknown)

KitPloit - PenTest Tools! www.kitploit.com


The idea of this project is to identify beacons which are unpacked at runtime or running in the context of another process.

To do so, I make use of the observation that beacons tend to call Sleep between their callbacks. A call to sleep sets the state of the thread to DelayExecution which is taken as a first indiciator that a thread might be executing a beacon.

After enumerating all threads whose state is DelayExecution, multiple metrics are applied …

hooking identify processes sleeping

Visit resource

More from www.kitploit.com / KitPloit - PenTest Tools!

Gftrace - A Command Line Windows API Tracing Tool For Golang Binaries 1 day ago | www.kitploit.com
api command command line deimosc2 +17
HardeningMeter - Open-Source Python Tool Carefully Designed To Comprehensively Assess The Security Hardening Of Binaries … 2 days ago | www.kitploit.com
hardeningmeter protection python python3 +2
JS-Tap - JavaScript Payload And Supporting Software To Be Used As XSS Payload Or Post … 3 days ago | www.kitploit.com
js-tap multithreaded taken traffic +3
MasterParser - Powerful DFIR Tool Designed For Analyzing And Parsing Linux Logs 4 days ago | www.kitploit.com
cyber security dfir automation digital forensic masterparser +1
C2-Cloud - The C2 Cloud Is A Robust Web-Based C2 Framework, Designed To Simplify The … 5 days ago | www.kitploit.com
c2-cloud command & control hacking tool offensive security +4
OSTE-Web-Log-Analyzer - Automate The Process Of Analyzing Web Server Logs With The Python Web Log … 6 days ago | www.kitploit.com
attack detection lfi detection oste-web-log-analyzer rfi detection +1
ThievingFox - Remotely Retrieving Credentials From Password Managers And Windows Utilities 1 week ago | www.kitploit.com
ntlm post-exploitation powershell python +7
Galah - An LLM-powered Web Honeypot Using The OpenAI API 1 week, 1 day ago | www.kitploit.com
galah golang llm openai api +3
CrimsonEDR - Simulate The Behavior Of AV/EDR For Malware Development Training 1 week, 2 days ago | www.kitploit.com
amsi antivirus crimsonedr dll +5

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Red Team Operator

@ JPMorgan Chase & Co. | LONDON, United Kingdom
View on infosec-jobs.com

SOC Analyst

@ Resillion | Bengaluru, India
View on infosec-jobs.com

Director of Cyber Security

@ Revinate | San Francisco Bay Area
View on infosec-jobs.com

Jr. Security Incident Response Analyst

@ Kaseya | Miami, Florida, United States
View on infosec-jobs.com

Infrastructure Vulnerability Consultant - (Cloud Security , CSPM)

@ Blue Yonder | Hyderabad
View on infosec-jobs.com

Product Security Lead

@ Lely | Maassluis, Netherlands
View on infosec-jobs.com
View more jobs