Attacker Friction


"Months of planning and it's all blown by a fucking fart." - Sissy

Tabletop scenarios for offensive cyber

DM to submit!

C&C: http://attacker.com

Workforce shortage: a developer changed career to mine stone for Great Leader after infecting his own machine for testing, turning your operation into an online version of the imperialist video game Uplink.

https://www.hudsonrock.com/northkorean

#LummaC2 #ByBit #NorthKorea

You install PSP on your operator workstation and the vendor starts spying on you.

https://www.huntress.com/blog/rare-look-inside-attacker-operation

#opsec

The competition compromises your C2 infrastructure and operator workstations.

"a longstanding campaign orchestrated by the Russian-based threat actor known as 'Secret Blizzard' (also referred to as Turla). This group has successfully infiltrated 33 separate command-and-control (C2) nodes used by Pakistani-based actor, 'Storm-0156.'"

https://blog.lumen.com/snowblind-the-invisible-hand-of-secret-blizzard/

Snowblind: The Invisible Hand of Secret Blizzard - Lumen Blog

A prolonged espionage campaign by Russian threat group Turla to penetrate Pakistani targets and the Pakistanis themselves

Lumen Blog

EDR bug crashes all your points of access.

Vendor investigation and Incident Response processes are started, risking the exposure of your operation.

TFW you get real appreciation for your work

Your employees accidentally infect their own machines with malware, allowing security companies to spy on your operations.

(Note: we don't really know this is how this particular investigation went down, but we wouldn't be surprised...)

https://research.checkpoint.com/2024/agent-tesla-targeting-united-states-and-australia/

Agent Tesla Targeting United States & Australia: Revealing the Attackers' Identities - Check Point Research

Research by: Antonis Terefos, Raman Ladutska. Part I from the series E-Crime & Punishment. Introduction: When considering a notoriously famous topic known for quite a long time, it may feel like there is nothing new to add to this area anymore – all paths traced, all words said, all "i"s dotted. Is it worth an […]

Check Point Research

Your developers upload 0-day exploit documentation to VirusTotal.

#opsec

https://securelist.com/cve-2024-30051/112618/

QakBot attacks with Windows zero-day (CVE-2024-30051)

In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned the identifier CVE-2024-30051 and patched on May 14 as part of Microsoft's Patch Tuesday. We have seen it exploited by QakBot and other malware.

Kaspersky