Realistic Phishing with PowerShell and a Mail Relay

Introduction: If you’re like me, you’ll recall the days of using telnet to connect to an SMTP Server on port 25 and issue the basic SMTP commands (e.g. EHLO, MAIL FROM:, RCPT TO:, DATA). While I won’t miss accidentally mistyping a command, I will miss the simplicity. However, with the simplicity also came limitations, such as creating a realistic email that looks identical to an internal email communication. In comes PowerShell, and this is not new or groundbreaking, to make things both easy and realistic....

April 14, 2022 · 7 min · ch0pper

Detecting Rogue RDP

Introduction: Microsoft recently announced the disablement of VBA macros carrying the mark of the web, impacting the ease-of-use of this widespread initial access technique. BlackHillsInfosec wrote a blog post on a different technique that could help fill the void titled “Rogue RDP”. This post examines signals generated by the attack, outlines detection opportunities, and discusses required sysmon configuration changes. Rogue RDP Technique: The author Mike Felch describes the technique as:...

March 27, 2022 · 9 min · Nameless