Msfvenom View By Blue Team
Creating the payload with msfvenom
Hosting the payload with service apache2 start
Before executing the exe you must configure the handler
Blue team exercise: Using ApateDNS
ApateDNS by Mandiant is an application that takes DNS requests and supplies fake responses, or resolutions, to the requests. By listening on port 53, the app hears all DNS requests made by malware as well as those from any other activity, such as web browsing.
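The behaviour described above (listen on port 53, log each request, hand back a fake resolution) as an added Python example; it is not ApateDNS code and not part of the original post. The sinkhole address, the function names and the sample query are assumptions constructed for illustration.

```python
import socket
import struct

SINKHOLE_IP = "127.0.0.1"  # assumption: the address returned for every name
# Constructed sample: a standard query for the A record of time.windows.com
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
                + b"\x04time\x07windows\x03com\x00" + struct.pack("!HH", 1, 1))

def parse_query(packet):
    """Return (txid, qname, qtype, offset just past the question section)."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while pos < len(packet) and (length := packet[pos]):
        if length & 0xC0 or pos + 1 + length > len(packet):
            raise ValueError("bad label")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(packet):  # need the root label plus QTYPE and QCLASS
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", packet[pos + 1:pos + 3])[0]
    return txid, ".".join(labels), qtype, pos + 5

def build_response(packet, ip=SINKHOLE_IP):
    """Return (qname, reply): A queries get the sinkhole IP, others an empty answer."""
    txid, qname, qtype, qend = parse_query(packet)
    ancount = 1 if qtype == 1 else 0
    reply = struct.pack("!HHHHHH", txid, 0x8180, 1, ancount, 0, 0) + packet[12:qend]
    if ancount:  # name = pointer to offset 12, type A, class IN, TTL 60, 4-byte rdata
        reply += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(ip)
    return qname, reply

def serve(bind="0.0.0.0", port=53):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, addr = sock.recvfrom(512)
        try:
            qname, reply = build_response(data)
        except ValueError:
            continue  # ignore anything that is not a well-formed query
        print(addr[0], qname)  # the log line an analyst watches
        sock.sendto(reply, addr)

if __name__ == "__main__":
    serve()
```

Binding to port 53 needs administrator rights, and the analysis machine's DNS server setting has to point at the host running the listener before any lookup will show up.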
Next Step: Run the exe!
A first look, and nothing…
After 15 or so mins, a DNS request! Turns out it’s just Windows looking up what time it is…
All the while I have been doing some moderate meterpreter activity
Having opened a shell using shell from within an open meterpreter session. Loading mimikatz and performing a procdump on the lsass.exe in memory.