{"title":"Open Source PowerShell-Written Post Exploitation Frameworks Used by Cyber Espionage Groups","authors":"Tjada Nelson, H. Kettani","doi":"10.1109/ICICT50521.2020.00078","DOIUrl":null,"url":null,"abstract":"Cyber espionage groups are sophisticated adversaries that conduct complex attack campaigns against their targets. As cyber espionage activity increases, these groups come under greater pressure to conduct their operations quickly and effectively. Open source hacking tools help them meet this demand by reducing the resources that would otherwise go into developing custom tooling. Because a language such as PowerShell is widely available on target systems, tools written in it require less setup and manipulation to operate. Open source post exploitation frameworks written in PowerShell let cyber espionage groups combine both advantages, making PowerShell an ideal platform from which to conduct cyber operations. This paper details the cyber espionage groups that use open source PowerShell-written post exploitation frameworks and describes how they are used. The goal of this research is to understand how this tooling is used and to identify trends that offer insight into future usage.","PeriodicalId":445000,"journal":{"name":"2020 3rd International Conference on Information and Computer Technologies (ICICT)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 3rd International Conference on Information and Computer Technologies (ICICT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICICT50521.2020.00078","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 5
Abstract
Cyber espionage groups are sophisticated adversaries that conduct complex attack campaigns against their targets. As cyber espionage activity increases, these groups come under greater pressure to conduct their operations quickly and effectively. Open source hacking tools help them meet this demand by reducing the resources that would otherwise go into developing custom tooling. Because a language such as PowerShell is widely available on target systems, tools written in it require less setup and manipulation to operate. Open source post exploitation frameworks written in PowerShell let cyber espionage groups combine both advantages, making PowerShell an ideal platform from which to conduct cyber operations. This paper details the cyber espionage groups that use open source PowerShell-written post exploitation frameworks and describes how they are used. The goal of this research is to understand how this tooling is used and to identify trends that offer insight into future usage.