Article Excerpt
| property | value |
| --- | --- |
| tags | defensive-tradecraft,offensive-tradecraft,tradecraft-tool |
| url | |
| original_word_count | 0 |
Long Summary
Red Siege is a security research and development company that publishes a suite of open-source tools for security professionals, primarily red teamers and penetration testers. The tools range from Excel macro generators and post-exploitation utilities to an IP metadata analysis tool, and are built to evade antivirus products, reach database data from a compromised host, and enrich and correlate large sets of IP addresses.
The first tool is EXCELntDonut, a macro generator that takes C# source code and turns it into an XLM (Excel 4.0) macro that can be saved in a .XLS file. XLM macros predate VBA and are processed by a different part of Excel, which is why detections written for VBA macros often do not cover them. The second tool is hot-manchego, a Macro-Enabled Excel File (.xlsm) generator built on the EPPlus library. It was written in response to Operation Epic Manchego, a campaign identified through .xlsm samples uploaded to VirusTotal, in which a threat actor used EPPlus rather than Excel to produce documents carrying VBA macros; the resulting files differ structurally from Excel-saved documents (the VBA project is written without the compiled form Excel normally stores), which let them slip past most antivirus engines at the time. hot-manchego reproduces that technique so a red team can test whether its own controls catch it.
The third tool is SqlClient, a proof-of-concept .NET MSSQL client for accessing database data through a Cobalt Strike Beacon. It lets an operator query a database from a compromised host without installing a conventional client such as SSMS or sqlcmd on the target. The fourth tool is Just-Metadata, which gathers and analyzes metadata about IP addresses. It collects intelligence passively (from third-party sources, without touching the target systems themselves) on large numbers of IP addresses and attempts to extrapolate relationships that might not otherwise be seen. Its "gather" modules pull in the data and its "analysis" modules look for potential relationships between the loaded systems.
The fifth tool is WMImplant, a PowerShell tool that uses WMI both to perform actions against targeted machines and as the command-and-control channel for issuing commands and receiving results, so nothing beyond WMI access is needed on the target. It requires local administrator permissions on the targeted machine. The sixth and final tool is CLM-Base64, which gives PowerShell Base64 encoding and decoding inside Constrained Language Mode (CLM), where the usual [Convert]::ToBase64String and [Convert]::FromBase64String calls fail because System.Convert is not one of the core types on which CLM permits method invocation.
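The following PowerShell is an added illustration of the CLM-Base64 point above; it is not code from CLM-Base64 or from Red Siege. It checks the session's language mode, shows that the [Convert] call throws under Constrained Language Mode, and implements the same Base64 codec using only what CLM allows: core types, casts, operators, indexing, and methods on allowed types such as [string]. The function names ConvertTo-ClmBase64 and ConvertFrom-ClmBase64 are this example's own, and the encoder assumes single-byte (Latin-1) text rather than performing a UTF-8 or UTF-16 byte conversion.

```powershell
# Added example, not part of CLM-Base64 or any Red Siege code.
# Base64 using only what Constrained Language Mode (CLM) permits: core types,
# casts, operators, indexing, and methods on allowed types such as [string].
# [Convert] and [Text.Encoding] are not allowed types, so the usual
# [Convert]::ToBase64String(...) call throws in CLM.

$Alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'

function ConvertTo-ClmBase64 {
    param([string]$Text = '')

    # Assumption: single-byte (Latin-1) text. [int][char] casts stand in for
    # the [Text.Encoding] call that CLM would block.
    [int[]]$bytes = @(foreach ($c in [char[]]$Text) { [int]$c -band 0xFF })
    $chars = @()
    for ($i = 0; $i -lt $bytes.Length; $i += 3) {
        $n  = $bytes.Length - $i                        # bytes left in this group (1..3)
        $b1 = if ($n -gt 1) { $bytes[$i + 1] } else { 0 }
        $b2 = if ($n -gt 2) { $bytes[$i + 2] } else { 0 }
        $triple = ($bytes[$i] -shl 16) -bor ($b1 -shl 8) -bor $b2
        $chars += $Alphabet[($triple -shr 18) -band 0x3F]
        $chars += $Alphabet[($triple -shr 12) -band 0x3F]
        $chars += $(if ($n -gt 1) { $Alphabet[($triple -shr 6) -band 0x3F] } else { '=' })
        $chars += $(if ($n -gt 2) { $Alphabet[$triple -band 0x3F] } else { '=' })
    }
    -join $chars
}

function ConvertFrom-ClmBase64 {
    param([string]$Base64 = '')

    # Drop padding and whitespace, then map each symbol to its 6-bit value
    # with [string]::IndexOf, which CLM allows because String is a core type.
    $clean = $Base64 -replace '[^A-Za-z0-9+/]', ''
    [int[]]$vals = @(foreach ($c in [char[]]$clean) { $Alphabet.IndexOf($c) })
    $out = @()
    for ($i = 0; $i -lt $vals.Length; $i += 4) {
        $n  = $vals.Length - $i                         # symbols left in this group (2..4)
        $v1 = if ($n -gt 1) { $vals[$i + 1] } else { 0 }
        $v2 = if ($n -gt 2) { $vals[$i + 2] } else { 0 }
        $v3 = if ($n -gt 3) { $vals[$i + 3] } else { 0 }
        $triple = ($vals[$i] -shl 18) -bor ($v1 -shl 12) -bor ($v2 -shl 6) -bor $v3
        $out += [char](($triple -shr 16) -band 0xFF)
        if ($n -gt 2) { $out += [char](($triple -shr 8) -band 0xFF) }
        if ($n -gt 3) { $out += [char]($triple -band 0xFF) }
    }
    -join $out
}

# Demonstration: report the language mode, attempt the .NET call that CLM
# blocks, then use the pure-PowerShell path that works in either mode.
"LanguageMode: $($ExecutionContext.SessionState.LanguageMode)"
try {
    "[Convert] result: " + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes('Invoke-Expression'))
} catch {
    "[Convert] call blocked: $($_.Exception.Message)"
}
$enc = ConvertTo-ClmBase64 'Invoke-Expression'
$dec = ConvertFrom-ClmBase64 $enc
"Encoded:       $enc"
"Round trip OK: $($dec -eq 'Invoke-Expression')"
```

To exercise the CLM branch in a test session, lower the mode first with `$ExecutionContext.SessionState.LanguageMode = 'ConstrainedLanguage'` (a session can drop to CLM but cannot raise itself back); in FullLanguage the try block succeeds and its output matches the pure-PowerShell encoder. For defenders, the codec above is exactly the kind of helper an attacker pastes into a CLM-restricted shell to unpack a payload, and because it is ordinary script text it is captured in full by PowerShell script block logging (event ID 4104), which is the place to look for it.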
Taken together, these tools give red teams and penetration testers a way to emulate current adversary tradecraft in authorized engagements: XLM and EPPlus-built Excel lures, in-memory database access through a Beacon, WMI-only command execution, and working around Constrained Language Mode. The same artifacts give defenders concrete samples to build and validate detections against, which is how the suite ultimately helps protect networks and data from malicious actors.
Short Summary
Red Siege Tools
- Red Siege offers a suite of tools for security professionals.
- The tools range from macro generators to metadata analysis tools.
- The tools help security professionals evade antivirus products.
- The tools help security professionals access data from databases.
- The tools help security professionals analyze IP addresses.
- EXCELntDonut converts C# code into an Excel 4.0 (XLM) macro.
- hot-manchego generates Macro-Enabled Excel (.xlsm) files with EPPlus that evade most antivirus products.
- SqlClient allows access to database data through a Cobalt Strike Beacon.
- Just-Metadata gathers and analyzes metadata about IP addresses.
- WMImplant uses PowerShell and WMI for actions against targeted machines.
- CLM-Base64 provides Base64 encoding and decoding in PowerShell Constrained Language Mode.
source link: https://redsiege.com/tools/
summarized content: https://hut.threathunterz.com/battlefield-intel/tradecraft-tools/red-siege-tools
#RedSiege #SecurityTools #MacroGenerator #MetadataAnalysis #NetworkProtection