Just a random guy on the internet that does ethical hacking for a living.

Red Team Lead

Twitter: https://twitter.com/LeonVQZz
Website: whoami.leonvqz.com
Volunteer: RaicesCyberOrg
Faculty: @thetaggartinstitute

I played @blackhillsinfosec Backdoors and Breaches, this was the story (kinda crazy):

We're an MSP, our client got attacked with ransomware, let's investigate.

After some Firewall Log Review, we found out they're exfiltrating data using the BITS protocol.

Looking through the SIEM Logs, we see some activity of credential stuffing using found valid AD credentials on open shares.

Then we get a call from the head of security that the incident was from a current pentest from another consulting company.

We kept investigating to practice our blue team skills, let's go threat hunting! With this we got to know that with Social Engineering a user was deceived into running malware on their computer.

Boooo! We find all our data posted on Pastebin 💀

Now we need the Persistence vector after knowing the Initial Compromise, Pivot & Escalate, and C2 & Exfil vectors. We decided to go to the basics and use SANS IR cheatsheets to discover backdoors on the systems, and with this we discover that the attackers hijacked the order in which DLLs are loaded.

It was fun! @ATHL337 @hax0r77 @cybermunchkiin

Hey everyone! Today is Giving Tuesday!!! Help @RaicesCyberOrg fund our activities like the latest Raices Sec+ Cohort with the teachers @_bad_delta and @christophelimp, that just finished yesterday (with one certified student and more to come when they take the exam).

https://bank.hackclub.com/donations/start/raices-cyber-org

If you have any questions about Raíces feel free to ask me anything!

Donate to Raices Cyber Org. Your contribution will be tax-deductible.