Attacker Friction

56 Followers
1 Following
33 Posts

"Months of planning and it's all blown by a fucking fart." - Sissy

Tabletop scenarios for offensive cyber

DM to submit!

C&C: http://attacker.com

Workforce shortage: a developer changed career to mine stone for Great Leader after infecting his own machine for testing, turning your operation into an online version of the imperialist video game Uplink.

https://www.hudsonrock.com/northkorean

#LummaC2 #ByBit #NorthKorea

You install PSP on your operator workstation and the vendor starts spying on you.

https://www.huntress.com/blog/rare-look-inside-attacker-operation

#opsec

EDR bug crashes all your points of access.

Vendor investigation and Incident Response processes are started, risking the exposure of your operation.

TFW you get real appreciation for your work

Your employees accidentally infect their own machines with malware, allowing security companies to spy on your operations.

(Note: we don't really know this is how this particular investigation went down, but we wouldn't be surprised...)

https://research.checkpoint.com/2024/agent-tesla-targeting-united-states-and-australia/

Agent Tesla Targeting United States & Australia: Revealing the Attackers' Identities - Check Point Research

Research by: Antonis Terefos, Raman Ladutska. Part I from the series E-Crime & Punishment. Introduction: When considering a notoriously famous topic known for quite a long time, it may feel like there is nothing new to add to this area anymore – all paths traced, all words said, all “i”s dotted. Is it worth an […]

Check Point Research

Your developers upload 0-day exploit documentation to VirusTotal.

#opsec

https://securelist.com/cve-2024-30051/112618/

QakBot attacks with Windows zero-day (CVE-2024-30051)

In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned the identifier CVE-2024-30051 and patched on May 14 as part of Microsoft's Patch Tuesday. We have seen it exploited by QakBot and other malware.

Kaspersky

Fast hashing allows the recovery of the IDs of your sockpuppet accounts.

https://securelist.com/triangulation-validators-modules/110847/

(On a related note: has anyone unblurred the texts on the first diagram yet? :))

The outstanding stealth of Operation Triangulation

In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules.

Kaspersky