SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
1.36k stars, 161 forks

[Feature Request] Static String Injection into Runtimes #154

Open ssnkhan opened 2 years ago

ssnkhan commented 2 years ago

It would be exceptionally helpful if the Windows Runtime binaries had either an SRA-set static string, or a customisable string (set at an Org level) that could be injected into every PE binary generated by the system. This would be similar to how trial versions of Cobalt Strike have the EICAR string added to payloads (but obviously not an EICAR string for this use case), or even the Watermark imprinted into the beacons. It would make finding these binaries easier for clean-up operations.

I know there are some specific SRA strings already in the binaries (which could be used to develop a YARA rule), but it would be good to have some more control.

Really appreciate all the work that goes into VECTR, thanks for your consideration!
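A clean-up sweep of the kind this request describes, as an added example that is not part of the original issue or VECTR's own code: it walks a directory and reports PE files that contain a marker string in either ASCII or UTF-16LE form. `MARKER` is a hypothetical placeholder, not a string VECTR embeds, and `make_stub` only builds constructed test input.

```python
import os
import struct

# Assumed org-level marker (placeholder; VECTR does not define this string).
MARKER = "ORG-RUNTIME-MARKER-PLACEHOLDER"

def is_pe(fh) -> bool:
    """Check the MZ header and the PE signature that e_lfanew points to."""
    fh.seek(0)
    dos = fh.read(0x40)
    if len(dos) < 0x40 or dos[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
    fh.seek(e_lfanew)
    return fh.read(4) == b"PE\0\0"

def has_marker(path, marker=MARKER, chunk=1 << 20) -> bool:
    """True if path is a PE file containing marker as ASCII or UTF-16LE."""
    if not marker:
        raise ValueError("marker must be non-empty")
    patterns = [marker.encode("ascii"), marker.encode("utf-16-le")]
    overlap = max(len(p) for p in patterns) - 1
    with open(path, "rb") as fh:
        if not is_pe(fh):
            return False
        fh.seek(0)
        tail = b""
        while buf := fh.read(chunk):
            window = tail + buf
            if any(p in window for p in patterns):
                return True
            tail = window[-overlap:]  # keep enough bytes to catch a split match
    return False

def find_marked(root, marker=MARKER):
    """Walk root and return sorted paths of PE files that carry the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if has_marker(path, marker):
                    hits.append(path)
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
    return sorted(hits)

def make_stub(payload: bytes) -> bytes:
    """Constructed test input: minimal MZ/PE header followed by payload."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + payload
```

Checking the PE signature first keeps text files, logs and rule files that merely mention the marker out of the results.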