  • Attacker groups adopt new penetration testing tool Brute Ratel

    Security researchers have recently identified several attack campaigns that use APT-like targeting techniques and deploy Brute Ratel C4 (BRc4), a relatively new adversary simulation framework. While hackers abusing penetration testing tools is not a new development — Cobalt Strike and Metasploit’s Meterpreter have been used by threat groups for years — Brute Ratel is focused on detection evasion techniques, so it might pose a real challenge to defense teams.

    “The emergence of a new penetration testing and adversary emulation capability is significant,” researchers from security firm Palo Alto Networks said in a new report analyzing several recent samples. “Yet more alarming is the effectiveness of BRc4 at defeating modern defensive EDR and AV detection capabilities.”

Brute Ratel: a part-time hobby project that became a commercial product

Brute Ratel is developed by Chetan Nayak, also known as Paranoid Ninja, a former detection engineer and red teamer who lists CrowdStrike and Mandiant as past employers. The project was launched in December 2020 and slowly grew in features and capabilities. In January, Nayak announced that he had decided to focus full time on developing the tool and its associated training courses, and he released major version 1.0 in May.

The tool now lets operators build command-and-control channels over legitimate services such as Slack, Discord and Microsoft Teams. It can inject shellcode into existing processes and issue undocumented syscalls directly instead of going through the normal Windows API calls that security software monitors. BRc4 can also execute various types of code and scripts in memory and perform reflective DLL loading. It has a graphical interface for LDAP queries across domains and includes a debugger that detects EDR hooks so the tool can avoid triggering them.
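The EDR-hook detection and direct-syscall behaviour described above, as an added example that is not code from the article or from Brute Ratel: it classifies x64 ntdll syscall stubs as clean or inline-hooked from their first bytes (the check a hook detector performs before deciding whether to call the stub or issue the syscall itself) and, for a hooked stub, recovers the system service number (SSN) from its clean neighbours. The stub bytes, function names and SSNs are constructed for the example; real SSNs differ between Windows builds, and the neighbour-based recovery assumes the Halo's Gate layout (Zw* stubs in ascending SSN order, one SSN per stub), which is stated as an assumption in the code.

```python
"""
Added example, not code from the article or from Brute Ratel: classify x64
ntdll syscall stubs as clean or inline-hooked from their first bytes, and
recover a hooked stub's system service number (SSN) from clean neighbours.
Sample stub bytes, names and SSNs are constructed; real SSNs vary per build.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Stub:
    name: str      # e.g. "NtProtectVirtualMemory"
    code: bytes    # first bytes of the stub as read from ntdll in memory


@dataclass
class Verdict:
    name: str
    hooked: bool
    ssn: Optional[int]
    reason: str


# Unhooked Windows 10/11 x64 stub, as laid out in ntdll.dll:
#   4C 8B D1                 mov  r10, rcx
#   B8 <ssn:4>               mov  eax, <ssn>
#   F6 04 25 08 03 FE 7F 01  test byte ptr [7FFE0308h], 1
#   75 03                    jne  +3
#   0F 05                    syscall
#   C3                       ret
CLEAN_PROLOGUE = b"\x4c\x8b\xd1\xb8"
SYSCALL = b"\x0f\x05"


def classify(stub: Stub) -> Verdict:
    """Decide whether the stub still starts with the original prologue."""
    c = stub.code
    if len(c) < 8:
        return Verdict(stub.name, True, None, "too short to be a syscall stub")
    if c[0] == 0xE9:  # jmp rel32: the classic inline hook placed by EDRs
        rel = struct.unpack_from("<i", c, 1)[0]
        return Verdict(stub.name, True, None, f"jmp rel32 {rel:+#x} at entry")
    if c[:2] == b"\xff\x25":  # jmp [rip+disp32]: indirect-jump hook
        return Verdict(stub.name, True, None, "jmp [rip+disp32] at entry")
    if c.startswith(CLEAN_PROLOGUE):
        ssn = struct.unpack_from("<I", c, 4)[0]
        if SYSCALL in c[8:]:
            return Verdict(stub.name, False, ssn, "original prologue and syscall present")
        return Verdict(stub.name, True, ssn, "prologue intact but syscall instruction missing")
    return Verdict(stub.name, True, None, f"unexpected prologue {c[:4].hex()}")


def recover_ssn(stubs: List[Stub], index: int) -> Optional[int]:
    """
    Derive a hooked stub's SSN from the nearest clean neighbour.
    Assumption (Halo's Gate): `stubs` is in ntdll address order and SSNs
    increase by exactly one per stub, so ssn = neighbour_ssn + distance.
    """
    for distance in range(1, len(stubs)):
        for j in (index - distance, index + distance):
            if 0 <= j < len(stubs):
                v = classify(stubs[j])
                if not v.hooked and v.ssn is not None:
                    return v.ssn + (index - j)
    return None


def _clean(ssn: int) -> bytes:
    return (CLEAN_PROLOGUE + struct.pack("<I", ssn)
            + b"\xf6\x04\x25\x08\x03\xfe\x7f\x01\x75\x03" + SYSCALL + b"\xc3")


def _hooked(target_rel: int) -> bytes:
    # An EDR overwrote the first 5 bytes with jmp rel32; the tail is untouched.
    return b"\xe9" + struct.pack("<i", target_rel) + _clean(0)[5:]


# Constructed sample: three adjacent stubs, the middle one inline-hooked.
SAMPLE_STUBS = [
    Stub("NtOpenSection", _clean(0x4F)),
    Stub("NtProtectVirtualMemory", _hooked(0x00123456)),
    Stub("NtQueryInformationProcess", _clean(0x51)),
]


def scan(stubs: List[Stub]) -> List[Verdict]:
    """Classify every stub; fill in SSNs for hooked stubs via neighbours."""
    results = []
    for i, s in enumerate(stubs):
        v = classify(s)
        if v.hooked and v.ssn is None:
            v.ssn = recover_ssn(stubs, i)
        results.append(v)
    return results


if __name__ == "__main__":
    for v in scan(SAMPLE_STUBS):
        print(f"{v.name:28} hooked={v.hooked!s:5} ssn={v.ssn!r:6} {v.reason}")
```

On a live system the `code` field would be read from the loaded ntdll image; the same classifier, run from the defender's side against a process's ntdll, tells you whether your own hooks are still in place, which is the mirror image of what an evasive framework checks before deciding to bypass them.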

    According to Nayak’s Twitter posts, BRc4 has more than 350 customers who bought more than 480 licenses. A one-year license costs $2,500 and a renewal $2,250. While this might seem expensive for an independent penetration tester, the cost is quite affordable for both legitimate companies as well as malicious threat actors.

    Signs of BRc4 misuse

    The Palo Alto Networks researchers recently found a malware sample from May that deployed BRc4 and used packaging and delivery techniques that were similar to those observed in recent APT29 campaigns. APT29, also known as Cozy Bear, is a threat group believed to be associated with or part of one of Russia’s intelligence agencies. It was responsible for attacks against many government agencies over the years, including the attack on the Democratic National Committee in the U.S. in 2016.

    Copyright © 2022 IDG Communications, Inc.
