-
GadgetToJScript
A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
I'm sorry but most of this is not right. We can see in the attacker is running JScript code in memory using the eval function. There are no files dropped to disk and no child processes spawned here -- it's all in memory and all still inside the Exchange web server process. At this point, it's impossible to know what JScript was executed, but it is possible (and not that difficult) to run whole .NET programs using JScript. From .NET there's nothing an attacker can't do. They could have easily run a beacon inside of the Exchange web server process without any files dropped to disk or processes spawned.
If you're looking for a place to start in offensive security, I'd recommend playing with some tools like Metasploit, Empire, Responder, Impacket, and Mimikatz in your home lab. This blog is also a great resource for understanding Active Directory security from both an offensive and defensive perspective.