POST EXPLOITATION
- Agent Management
  - session passing
  - execute
  - file browser
    - exfiltration
  - user exploitation
    - screenshots, keylogging
- Session Prepping
  - change running process id and many things
- Post-ex Detections
  - Behaviors (Event): execute/write/inject
  - Process Context (Event Property)
    - injected DLL
- Understanding Telemetry and Instrumentation
  - Spoof Event Properties to fool
    - change offense model
    - BlockDlls
  - Instrumentation Strategy
    - load user-land DLL into new process
    - hook functions associated with offense activity
    - watch calls, analyze arguments
  - Evasion Options
    - remove user-land hooks
    - load and execute capability before hooking
    - block user-land DLLs