In this post I’ll be dropping a tool and a set of techniques that red teams can use to maintain anonymous, covert access to compromised machines. I’ll also present some advice for defenders looking to detect and respond to these types of attack.
This is not a brand new idea, but as far as I’m aware it hasn’t been very thoroughly discussed from the perspective of penetration testing and red teaming. Malware authors have been using these techniques since at least 2012. If they’re doing it, we should be too.