guardicore / monkey

Infection Monkey - An open-source adversary emulation platform
https://www.guardicore.com/infectionmonkey/
GNU General Public License v3.0

Re-implement T1129 (Shared modules) #1474

Closed VakarisZ closed 2 years ago

VakarisZ commented 3 years ago

Is your feature request related to a problem? Please describe.

T1129 can be implemented in Infection Monkey as a post-breach action.

Describe the solution you'd like

  1. Revert the "Remove T1129 attack technique from the codebase" commit. This will revert the infrastructure for this attack technique.
  2. Create a DLL which simulates some malicious activity.
  3. Implement a Win API call to load the custom DLL.

VakarisZ commented 3 years ago

Consider making it stand-alone and opening a PR for atomic red.

VakarisZ commented 2 years ago

ATT&CK report is getting removed in https://github.com/guardicore/monkey/issues/2440