TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Huntress

Unraveling a Reverse Shell with Managed EDR | Huntress

2022-09-13

ATT&CK techniques detected (8 predictions, each with the passage of the post it was tagged from)

T1053.005 Scheduled Task (92%)
  "returned yet more ripping-hot spicy content. I don't want us to get too lost in the sauce on the specifics, so here's an overview of the above shady shenanigans: - a firewall rule allowing inbound SSH connections - dropped the SSH executable in that folder - persistence in…"

T1059.001 PowerShell (68%)
  "methods of how one would legitimately gain access to a machine. In this situation, the victim machine is forced to reach out to the attacker's machine and gift them a shell. For example, if an attacker exploits a vulnerable Apache Tomcat web server and can run commands via the…"

T1219 Remote Access Tools (53%)
  Same passage as T1059.001 (68%) above.

T1566.004 Spearphishing Voice (43%)
  Same passage as T1059.001 (68%) above.

T1059.003 Windows Command Shell (43%)
  "Unraveling a Reverse Shell with Managed EDR | Huntress. We could take a note or two on what agility means from our adversaries, aka threat actors. Something doesn't work? Plan B is ready. Password not cracking? Bruteforce it. Dropped shell not proving to be fruitful? Reverse it.…"

T1059.001 PowerShell (42%)
  Same passage as T1053.005 (92%) above.

T1059.004 Unix Shell (37%)
  Same passage as T1059.003 (43%) above.

T1059.004 Unix Shell (34%)
  "…t show anything interesting either. A lot of people may see this and assume that the threat actor's staging domain is defunct and no longer poses a threat. However, we in the Huntress SOC are a curious bunch, so we wanted to be sure we covered our bases. When we try this from t…"

The percentages are the tagger's confidence scores, not analyst verdicts. Treat the lower ones with care: the T1566.004 (Spearphishing Voice) tag is not supported by its passage, which describes a reverse shell from an exploited Tomcat server rather than any phone-based phishing, and the same passage is also tagged T1219 even though it does not mention a remote access tool.
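The tagged passages describe three host artifacts worth hunting for on your own fleet: an inbound firewall rule allowing SSH, an SSH executable dropped outside its normal install location, and scheduled-task persistence (T1053.005). The following triage script is an added example written for this page, not code from the Huntress post or the TTPwire tagger. It assumes a Windows 10 / Server 2016 or later host with the built-in NetSecurity and ScheduledTasks modules and an elevated PowerShell session; the expected OpenSSH directories, the regex used to flag task commands, and the $sshRules, $sshBinaries and $tasks variable names are the example's own choices.

```powershell
# Added triage example (not from the Huntress post). Run elevated on Windows 10+/Server 2016+.

# 1. Inbound, enabled, allow-action firewall rules that open TCP/22 or mention SSH by name.
$sshRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $port = $_ | Get-NetFirewallPortFilter
        ($port.LocalPort -contains '22') -or ($_.DisplayName -match 'ssh')
    } |
    Select-Object DisplayName, Profile,
        @{ Name = 'Program'; Expression = { ($_ | Get-NetFirewallApplicationFilter).Program } }

# 2. ssh.exe / sshd.exe binaries living outside the expected OpenSSH locations (assumption:
#    these two directories are the only legitimate homes for OpenSSH on the host).
$expectedDirs = @("$env:SystemRoot\System32\OpenSSH", "$env:ProgramFiles\OpenSSH")
$sshBinaries = Get-ChildItem -Path "$env:SystemDrive\" -Recurse -File -Include ssh.exe, sshd.exe -ErrorAction SilentlyContinue |
    Where-Object {
        $dir = $_.DirectoryName
        -not ($expectedDirs | Where-Object { $dir -like "$_*" })
    } |
    Select-Object FullName, Length, LastWriteTime

# 3. Scheduled tasks whose action launches PowerShell or SSH (T1053.005 persistence candidates).
$tasks = Get-ScheduledTask |
    Where-Object {
        $_.Actions | Where-Object { ("$($_.Execute) $($_.Arguments)") -match 'powershell|pwsh|ssh' }
    } |
    ForEach-Object {
        $info = $_ | Get-ScheduledTaskInfo
        [pscustomobject]@{
            TaskName = $_.TaskName
            TaskPath = $_.TaskPath
            State    = $_.State
            Command  = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
            LastRun  = $info.LastRunTime
        }
    }

'--- Inbound SSH firewall rules ---';       $sshRules    | Format-Table -AutoSize
'--- SSH binaries outside OpenSSH dirs ---'; $sshBinaries | Format-Table -AutoSize
'--- Scheduled tasks running PowerShell/SSH ---'; $tasks  | Format-Table -AutoSize
```

Each list is a lead, not a verdict: administrators do create inbound SSH rules and PowerShell-backed tasks, so compare the results against a known-good baseline and pivot on anything that appeared at the same time as the other two artifacts.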

Summary

Read about our journey to unravel a PowerShell reverse shell—and how our Managed EDR feature tipped us off that something wasn’t right.