Msfvenom View By Blue Team

Creating the payload with msfvenom

screenshot

Hosting the payload with service apache2 start

screenshot

Before executing the exe you must configure the handler

screenshot

Blue team exercise: Using ApateDNS

ApateDNS by Mandiant is an application that takes DNS requests and supplies fake responses, or resolutions, to those requests. By listening on port 53, the app hears every request made by malware as well as any other activity, such as web browsing.
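The listen, log and fake-answer behaviour described above can be sketched as a small UDP sinkhole for an isolated analysis host. This is an added example, not ApateDNS code or code from the original post; `SINKHOLE_IP` and the function names are assumptions made for illustration.

```python
import socket
import struct

SINKHOLE_IP = "127.0.0.1"  # assumption: address handed back for every name

def parse_query(packet):
    """Return (txid, qname, qtype, end_of_question) for the first question."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a query")
    labels, pos = [], 12
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:  # compression pointers are not valid in a question name
            raise ValueError("bad label length")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, ".".join(labels), qtype, pos + 4

def build_response(packet, ip=SINKHOLE_IP):
    """Answer A queries with `ip`; answer anything else with an empty reply."""
    txid, _name, qtype, end = parse_query(packet)
    answer = b""
    if qtype == 1:  # A record
        # 0xC00C points back at the question name at offset 12
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(ip)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1 if answer else 0, 0, 0)
    return header + packet[12:end] + answer

def serve(bind_addr="0.0.0.0", port=53):
    """Log every query seen on the port and reply with the sinkhole address."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        packet, client = sock.recvfrom(512)
        try:
            _txid, name, qtype, _end = parse_query(packet)
        except (ValueError, IndexError, struct.error):
            continue  # ignore malformed datagrams
        print(f"{client[0]} asked for {name} (type {qtype})")
        sock.sendto(build_response(packet), client)

if __name__ == "__main__":
    serve()  # binding port 53 needs administrator/root rights
```

A sample that connects straight to an IP address never touches the resolver, so a quiet log like this one only shows that no name lookups happened, not that no traffic left the host.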

Next Step: Run the exe!

A first look, and nothing…

screenshot

After 15 or so mins, a DNS request! Turns out it’s just Windows looking up what time it is…

screenshot

All the while I have been doing some moderate meterpreter activity

Having opened a shell using shell from within an open meterpreter session. Loading mimikatz and performing a procdump on the lsass.exe in memory.

screenshot

Written on May 15, 2018