Top 5 Hacking Tools – Blacklisted By US-CERT (HIGH ALERT)

The hacking tools mentioned in the US-CERT report will not be unfamiliar to security researchers and penetration testers, but their value to enterprise defenders is self-evident: the research is designed to make companies aware of the threats they face and better prepared with defensive measures.

The US government’s network security agency NCCIC, together with Australia, New Zealand, Canada and the UK, has investigated a number of hacking tools commonly used in cyber attacks and published a report on its official website that explains the five most commonly used tools in detail. The report covers each tool’s function, intrusion techniques and prevention methods, in the hope that the public will take precautions.

The five tools are as follows:

  1. Remote access Trojan: JBiFrost
  2. Web shell: China Chopper
  3. Credential stealing tool: Mimikatz
  4. Lateral movement tool: PowerShell Empire
  5. Command and control obfuscation and exfiltration tool: HUC Packet Transmitter (HTran)

1. JBiFrost

JBiFrost is a variant of the Adwind RAT, and its roots can be traced back to the 2012 Frutas RAT. It is a Java-based, cross-platform, multi-purpose tool that can threaten several systems, including Windows, Linux, Mac OS X and Android. The JBiFrost RAT is typically used by cyber criminals and low-skilled threat actors, but its functionality can easily be adapted by state-sponsored threat actors, who implant malicious RATs on victims for further remote access, or to steal valuable information such as banking credentials, intellectual property or PII.


2. China Chopper

China Chopper is a publicly available web shell that has been widely used since 2012. The Five Eyes alliance found that threat actors use China Chopper to remotely access compromised web servers, providing file and directory management and access to a virtual terminal on the infected device. Because China Chopper is only 4 KB in size and has an easily modified payload, it is difficult for network defenders to detect and mitigate.


3. Mimikatz

Developed in 2007, Mimikatz is primarily used by attackers to collect the credentials of other users who have logged in to the target Windows computer. It does this by accessing credentials held in memory by a Windows process called the Local Security Authority Subsystem Service (LSASS). Although it was not originally created as a hacking tool, in recent years Mimikatz has been used by many attackers for malicious purposes, and it can do serious damage on a misconfigured network.
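As an added illustration of the LSASS-access behaviour described above (example code written for this page, not from the US-CERT report or this post): a small Python detection that scans constructed Sysmon-style Event ID 10 (ProcessAccess) records and flags any non-allow-listed process that opens lsass.exe with a read-memory access right. The "key=value|key=value" log format, the allow-list and the sample lines are assumptions constructed for the example.

```python
# Added example (not from the US-CERT report or this post): flag processes that
# open a read handle to LSASS memory, the behaviour Mimikatz relies on. Assumes
# Sysmon-style Event ID 10 records flattened to "key=value|..." lines (constructed).

PROCESS_VM_READ = 0x0010  # access right needed to read another process's memory

# Assumed allow-list of processes that legitimately read LSASS; tune per environment.
KNOWN_GOOD = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

def parse_event(line):
    """Split one 'key=value|key=value' record into a dict (first '=' separates)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields

def lsass_access_alerts(lines):
    """Return (time, source_image, granted_access) for suspicious LSASS reads."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "10":
            continue  # only ProcessAccess events matter here
        if not ev.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
            continue
        source = ev.get("SourceImage", "").lower()
        access = int(ev.get("GrantedAccess", "0x0"), 16)
        # A read-memory right on LSASS from an unknown binary is the signal;
        # query-only handles (e.g. 0x1000) are routine and not interesting.
        if access & PROCESS_VM_READ and source not in KNOWN_GOOD:
            alerts.append((ev.get("UtcTime"), source, hex(access)))
    return alerts

# Constructed sample records: one benign AV read, one query-only handle,
# one unrelated process-creation event and one credential-dumper style read.
SAMPLE_LOG = [
    "UtcTime=2018-10-11 09:15:02|EventID=10|SourceImage=C:\\Program Files\\Windows Defender\\MsMpEng.exe|TargetImage=C:\\Windows\\system32\\lsass.exe|GrantedAccess=0x1FFFFF",
    "UtcTime=2018-10-11 09:15:07|EventID=10|SourceImage=C:\\Windows\\system32\\svchost.exe|TargetImage=C:\\Windows\\system32\\lsass.exe|GrantedAccess=0x1000",
    "UtcTime=2018-10-11 09:15:09|EventID=1|Image=C:\\Users\\bob\\AppData\\Local\\Temp\\mk.exe|CommandLine=mk.exe",
    "UtcTime=2018-10-11 09:15:12|EventID=10|SourceImage=C:\\Users\\bob\\AppData\\Local\\Temp\\mk.exe|TargetImage=C:\\Windows\\system32\\lsass.exe|GrantedAccess=0x1010",
]

if __name__ == "__main__":
    for when, source, access in lsass_access_alerts(SAMPLE_LOG):
        print(f"{when} suspicious LSASS access from {source} ({access})")
```

The allow-list keeps legitimate readers such as the AV engine quiet, so the only record that fires is the unknown binary in a user's Temp directory holding a 0x1010 handle.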


4. PowerShell Empire

PowerShell Empire is an example of a post-exploitation or lateral movement tool. It is designed to allow an attacker (or penetration tester) to move around a network after gaining initial access. PowerShell Empire can also be used to generate malicious documents and executables for gaining access to a network through social engineering. PowerShell Empire is gaining popularity among hostile state actors and organised criminals, and in recent years it has been seen in use worldwide in a variety of cyber incidents.


5. HUC Packet Transmitter (HTran)

The HUC Packet Transmitter (HTran) is a proxy tool that intercepts and redirects Transmission Control Protocol (TCP) connections from the local host to a remote host. The tool has been freely available on the Internet since 2009. HTran is frequently observed in attacks targeting government and industry. HTran can inject itself into a running process and install a rootkit to hide its network connections from the host operating system. It can also create a Windows registry key to ensure that HTran maintains persistent access to the victim’s network.


These tools are not inherently malicious and can be used by testers for vulnerability discovery, but they can also be used maliciously to break into networks, execute commands and steal data. The UK’s National Cyber Security Centre (NCSC) said that the combined use of these tools has made detection more difficult.

According to NCSC, “Many tools are used in conjunction with other tools, making the job of network defence staff more challenging. It has been found that national hackers and criminals with different skill levels use these tools.”

NCSC says that a few simple steps go a long way in defending against these attacks. Key resilience measures include multi-factor authentication, network segmentation, security monitoring and patching. All of this is in line with NCSC’s core security advice.

If you want to see the details of this report and the corresponding defences, you can view it on the US-CERT website.


Sarcastic Writer

Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical hacking, seo tips and tricks, malware analysis and scanning.