Malware gangs love open source offensive hacking tools

This is getting quite meta. The article surveys open source offensive tools that are used for attack by both the good guys and the bad guys. Knowing which ones malware gangs actually adopt gives defenders concrete things to look out for…:

[…] “We found [that] the most commonly adopted projects were memory injection libraries and RAT tools,” Litvak said.

“The most popular memory injection tool was the ReflectiveDllInjection library, followed by the MemoryModule library. For RATs [remote access tools], Empire, Powersploit and Quasar were the leading projects.”

The lateral movement category was dominated by Mimikatz — to nobody’s surprise.

UAC bypass libraries were dominated by the UACME library. However, Asian hacking groups appeared to prefer Win7Elevate, most likely due to Windows 7’s larger regional install base.

The only OST projects that weren’t popular were those implementing credential-stealing features.

Litvak believed they were not popular because black-hats on underground hacking forums provide similar tools with superior features, which malware gangs chose to adopt instead of the offensive tools provided by the infosec community.
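The "what to look out for" angle of the memory injection finding above, as an added example that is not part of this post or of the ZDNet article: the ReflectiveDllInjection library works by exporting a function named `ReflectiveLoader` (decorated as `_ReflectiveLoader@4` in 32-bit stdcall builds) that the injector itself locates by substring match over the DLL's export table, so that export name in a payload is a cheap, high-signal indicator of an unmodified build of the most commonly adopted OST project. The script below is a minimal, dependency-free PE export-table parser plus that check. `build_test_pe` and the `sample.dll` module name it embeds are constructed test fixtures written for this example, not real samples.

```python
import struct

# Export name that Stephen Fewer's ReflectiveDllInjection library exposes so the
# injector can find the loader; the injector matches it as a substring, which is
# why "_ReflectiveLoader@4" (32-bit stdcall decoration) also counts.
REFLECTIVE_LOADER_MARKER = "ReflectiveLoader"


def _rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset via the section table."""
    for va, vsize, rawsize, rawptr in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    raise ValueError("RVA %#x is not backed by any section" % rva)


def _cstring(data, off):
    """Read a NUL-terminated ASCII string at a file offset."""
    return data[off:data.index(b"\0", off)].decode("ascii", errors="replace")


def pe_export_names(data):
    """Return the names in a PE file's export directory (empty if it has none)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start at +96 in a PE32 optional header, +112 in PE32+.
    if magic == 0x10B:
        dd = opt + 96
    elif magic == 0x20B:
        dd = opt + 112
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    export_rva = struct.unpack_from("<I", data, dd)[0]  # directory entry 0 = exports
    if export_rva == 0:
        return []
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((va, vsize, rawsize, rawptr))
    exp = _rva_to_offset(export_rva, sections)
    # IMAGE_EXPORT_DIRECTORY: NumberOfNames at +24, AddressOfNames at +32.
    n_names = struct.unpack_from("<I", data, exp + 24)[0]
    names_off = _rva_to_offset(struct.unpack_from("<I", data, exp + 32)[0], sections)
    names = []
    for i in range(n_names):
        name_rva = struct.unpack_from("<I", data, names_off + 4 * i)[0]
        names.append(_cstring(data, _rva_to_offset(name_rva, sections)))
    return names


def reflective_loader_exports(data):
    """Exports whose name contains the ReflectiveDllInjection marker."""
    return [n for n in pe_export_names(data) if REFLECTIVE_LOADER_MARKER in n]


def build_test_pe(export_names, pe32plus=True):
    """Constructed fixture: a minimal PE whose only section is an export table.
    Not a real sample; it exists so the parser can be exercised offline."""
    sec_va, sec_raw = 0x1000, 0x200
    n = len(export_names)
    names_rva = sec_va + 40            # export directory is 40 bytes
    ords_rva = names_rva + 4 * n
    funcs_rva = ords_rva + 2 * n
    strings_rva = funcs_rva + 4 * n
    strings, name_rvas = b"", []
    for name in export_names:
        name_rvas.append(strings_rva + len(strings))
        strings += name.encode("ascii") + b"\0"
    dll_name_rva = strings_rva + len(strings)
    strings += b"sample.dll\0"          # assumed module name, part of the fixture
    edir = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, dll_name_rva, 1, n, n,
                       funcs_rva, names_rva, ords_rva)
    body = (edir
            + b"".join(struct.pack("<I", r) for r in name_rvas)
            + b"".join(struct.pack("<H", i) for i in range(n))
            + b"".join(struct.pack("<I", sec_va + 0x100) for _ in range(n))
            + strings)
    opt_size, magic = (240, 0x20B) if pe32plus else (224, 0x10B)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                                   1, 0, 0, 0, opt_size, 0x2000)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<II", opt, 112 if pe32plus else 96, sec_va, len(body))
    sec = b".edata".ljust(8, b"\0") + struct.pack("<IIII", len(body), sec_va,
                                                   len(body), sec_raw) + b"\0" * 16
    headers = dos + coff + bytes(opt) + sec
    return headers.ljust(sec_raw, b"\0") + body


if __name__ == "__main__":
    for label, exports in (("stock reflective DLL", ["DllMain", "ReflectiveLoader"]),
                           ("renamed export", ["DllMain", "Initialize"])):
        print(label, "->", reflective_loader_exports(build_test_pe(exports)))
```

Run `pe_export_names` over a directory of dropped DLLs and anything returning a hit from `reflective_loader_exports` deserves a second look. The caveat is the same one the survey implies: this catches the unmodified library. An operator who rebuilds it with the export renamed, or who locates the loader by ordinal or hash instead of by name, will not trip it, so treat it as one cheap hunt for the common case rather than a general detector for in-memory loading.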


Original Article