D19 - Attack Diagram/Plan
Explanation
An attack diagram is like a map that shows how we plan to compromise the target assets. This attack plan consists of six phases.
1. Initial Access
- We use a brute force attack to gain access to the target server.
2. Discovery
- After accessing the server, we run commands to gather information about the system and network.
- whoami, ipconfig, net user, net group etc.
3. Defense Evasion
- We disable Windows Defender to bypass security measures.
4. Execution
- We download the profile and generate a payload using the agent in Mythic C2.
- We make the payload accessible through a Python HTTP server.
- We execute the relevant command in PowerShell to download the payload onto the compromised server.
- Finally, we run the downloaded payload.
5. C2 Connection
- We ensure the payload communicates with the Mythic C2 server.
- During this step, we use netstat -anob and Task Manager to check if the application is running.
6. Data Exfiltration
- Once the connection between the agent and Mythic C2 is established, we proceed to exfiltrate data.
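
Seen from the defender's side, the first four phases leave traces in Windows logs that can be matched back to this plan. The following is an added example, not part of the original post: it tags constructed, simplified events with the plan's phase names. The event field names, hosts, IP addresses and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample events. Windows event IDs: 4625 failed logon, 4624 successful
# logon, 4688 process creation, 5001 Defender real-time protection disabled.
SAMPLE_EVENTS = (
    [{"t": i, "id": 4625, "host": "srv01", "src": "203.0.113.5"} for i in range(6)]
    + [
        {"t": 6, "id": 4624, "host": "srv01", "src": "203.0.113.5"},
        {"t": 7, "id": 4688, "host": "srv01", "cmd": "whoami"},
        {"t": 8, "id": 4688, "host": "srv01", "cmd": "ipconfig /all"},
        {"t": 9, "id": 4688, "host": "srv01", "cmd": "net user"},
        {"t": 10, "id": 5001, "host": "srv01"},
        {"t": 11, "id": 4688, "host": "srv01",
         "cmd": "powershell.exe <download command> http://198.51.100.7/file.exe"},
        # Benign noise: one mistyped password and one routine admin command.
        {"t": 3, "id": 4625, "host": "srv02", "src": "10.0.0.8"},
        {"t": 4, "id": 4624, "host": "srv02", "src": "10.0.0.8"},
        {"t": 5, "id": 4688, "host": "srv02", "cmd": "ipconfig"},
    ]
)

DISCOVERY = ("whoami", "ipconfig", "net user", "net group")  # listed in phase 2

def tag_phases(events, fail_threshold=5, discovery_threshold=3):
    """Return {host: [phases in the order first observed]} (thresholds assumed)."""
    fails = defaultdict(int)    # (host, source IP) -> failed logons so far
    seen = defaultdict(set)     # host -> distinct discovery commands run
    phases = defaultdict(list)

    def mark(host, phase):
        if phase not in phases[host]:
            phases[host].append(phase)

    for e in sorted(events, key=lambda ev: ev["t"]):
        host = e["host"]
        if e["id"] == 4625:
            fails[(host, e["src"])] += 1
        elif e["id"] == 4624 and fails[(host, e["src"])] >= fail_threshold:
            mark(host, "Initial Access")    # success right after many failures
        elif e["id"] == 5001:
            mark(host, "Defense Evasion")
        elif e["id"] == 4688:
            cmd = e["cmd"].lower()
            seen[host].update(d for d in DISCOVERY if cmd.startswith(d))
            if len(seen[host]) >= discovery_threshold:
                mark(host, "Discovery")     # several recon commands on one host
            if cmd.startswith("powershell") and "http://" in cmd:
                mark(host, "Execution")     # PowerShell fetching over plain HTTP
    return dict(phases)
```

A single discovery command or one failed logon is normal administration; the chain of phases on the same host is what makes the activity stand out.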
Conclusion:
By following these steps, you will gain a sense of how a basic attack diagram works.
