Cyber Criminals are using various malicious tools for cyber-attacks based on the target’s strength to infiltrate the sensitive data and more often nowadays Publicly Available Hacking Tools are mainly used by threat actors for various attacks around the world.
Today in the cyberworlds hacking tools are openly available with various functionalities and freely available that can be accessed by anyone from cybercriminals and get it from various hacking forums and dark web marketplace.
Also, these tools have been used to compromise information across a wide range of critical sectors, including health, finance, government defense, and many other sectors.
Day by day threat actors learning new tactics and techniques to find new ways and developing new sophisticated tools to maintain their persistence and evade the security systems.
RAT – Remote Access Trojan {JBiFrost}
Remote Access Trojan provides an access to cybercriminals who can perform various malicious activities from the target system.
Especially JBiFrost remote access trojan (RAT) which is one of the powerful Adwind RAT variants that gives root access to the attacker.
Also, it contains many functions and it is used to install backdoors and keyloggers, take screenshots, and exfiltrate data.
To prevent forensic analysis, it disables security measures, such as Task Manager, and network analysis tools, such as Wireshark, on the victim’s system.
Capabilities
JBiFrost RAT is Java-based, cross-platform, and multifunctional. It poses a threat to several different operating systems, including Windows, Linux, MAC OS X, and Android.
Based on past records, it exfiltrated intellectual property, banking credentials, and Personally Identifiable Information (PII). Machines infected with JBiFrost can also be used in botnets to carry out Distributed Denial of Service (DDoS) attacks.
Credential Stealers {Mimikatz}
Mainly goal of this tool for attackers to collect the credentials of other users logged in to a targeted Windows machine.
Mimikatz is one of this category by accessing the credentials in memory, within a Windows process called Local Security Authority Subsystem Service.
These credentials, either plain text or in hashed form, can be reused to give access to other machines on a network.
Mimikatz has been used by multiple actors for malicious purposes such as gained to a host and threat actor wishes to move throughout the internal network.
The mimikarz source code is publicly available and anyone can compile and add their own future and develop new custom plug-ins and additional functionality.
Many features of Mimikatz can be automated with scripts, such as PowerShell, permit attackers to rapidly exploit and traverse a compromised network.
Web shells: {China Chopper}
China Chopper is one of the powerful Publicly Available Hacking Tools and well-documented web shell which is publicly available to use for post exploitation after compromise the targeted host.
Cybercriminals using it to upload the malicious scripts which are uploaded to a target host after an initial compromise and grant an actor remote administrative capability.
The China Chopper web shell is widely utilized by unfriendly performing actors to remotely get to compromised web-servers, where it gives document and registry administration, alongside access to a virtual terminal on the compromised device.
One attribute of China Chopper is that every action generates an HTTP POST. its noisy and easily spotted if investigated by a network defender.
While the China Chopper web shell server upload is plain text, commands issued by the client are Base64 encoded, although this is easily decodable.
Lateral movement frameworks: {PowerShell Empire}
PowerShell Empire is posted exploitation Publicly Available Hacking Tools that helps attackers to move and gain access after the initial compromise.
Empire can also be used to generate malicious documents and executables for social engineering access to networks.
The PowerShell Empire framework (Empire) was designed as a legitimate penetration testing tool in 2015. Empire acts as a framework for continued exploitation once an attacker has gained access to a system.
Initial exploitation methods vary between compromises, and actors can configure the Empire Framework uniquely for each scenario and target.
Empire enables an attacker to carry out a range of actions on a victim’s machine and implements the ability to run PowerShell scripts without needing ‘powershell.exe’ on the system. Its communications are encrypted and its architecture flexible.
C2 obfuscation tools: {HTran}
Obfuscation tools one of the most important ones to hide the attacker’s identity and evade the detection and there are some privacy tools such as TOR, or more specific tools to obfuscate their location.
“HUC Packet Transmitter (HTran) is a proxy tool, used to intercept and redirect Transmission Control Protocol (TCP) connections from the local host to a remote host. This makes it possible to obfuscate an attacker’s communications with victim networks.”
A broad range of cyber actors has been observed using HTran and another connection proxy tools to:
- Evade intrusion and detection systems on a network
- Blend in with common traffic or leverage domain trust relationships to bypass security
controls - Obfuscate or hide C2 infrastructure or communications
- Create peer-to-peer or meshed C2 infrastructure to evade detection and provide resilient connections to infrastructure.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
