Status: closed (omkarbhat1995 closed this issue 3 years ago)
hey @omkarbhat1995!
This section is an extension of https://github.com/mitre-attack/attack-arsenal/tree/master/adversary_emulation/APT29/Emulation_Plan/Day%202#red-team-systems, where you need to generate a PowerShell payload that calls back to whatever C2 framework you choose to use. We used PoshC2, where a stager is automatically generated when you start the C2 server (https://poshc2.readthedocs.io/en/latest/install_and_setup/config-and-starting.html#c2-server) but you can replace this value with any one-liner payload that you want to work into the emulation scripts.
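As an added example that is not part of this thread, the attack-arsenal repository or PoshC2, here is the encoding step itself, written in Python so it can be run anywhere the stager text is at hand. `powershell.exe -EncodedCommand` expects the base64 of the script's UTF-16LE bytes (encoding the text as UTF-8 produces a string PowerShell cannot decode), so the helper below encodes, decodes (useful when checking what an existing one-liner actually runs) and assembles the full one-liner. The stager string is a constructed placeholder; replace it with the stager your C2 framework emits. The 8191-character check reflects the maximum length of a cmd.exe command line, which a long stager can exceed once base64 doubles its size.

```python
import base64

# Maximum length of a single command line under cmd.exe on Windows.
CMD_MAX_LEN = 8191


def encode_powershell(script: str) -> str:
    """Base64 for -EncodedCommand: PowerShell decodes it as UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_powershell(encoded: str) -> str:
    """Inverse of encode_powershell; handy for inspecting a one-liner found in logs."""
    return base64.b64decode(encoded).decode("utf-16-le")


def build_oneliner(script: str, hidden: bool = True) -> str:
    """Assemble the full one-liner and refuse to emit one cmd.exe would truncate."""
    flags = ["-NoProfile", "-NonInteractive"]
    if hidden:
        flags += ["-WindowStyle", "Hidden"]
    oneliner = "powershell.exe {} -EncodedCommand {}".format(
        " ".join(flags), encode_powershell(script)
    )
    if len(oneliner) > CMD_MAX_LEN:
        raise ValueError(
            "one-liner is {} chars, over the {}-char cmd.exe limit; "
            "use a shorter stager".format(len(oneliner), CMD_MAX_LEN)
        )
    return oneliner


# Constructed placeholder standing in for the stager text your C2 prints
# (PoshC2 prints its stagers when the C2 server starts). Not a real payload.
PLACEHOLDER_STAGER = "Write-Host 'replace me with the stager text from your C2 server'"

if __name__ == "__main__":
    oneliner = build_oneliner(PLACEHOLDER_STAGER)
    print(oneliner)
    # Round-trip check: decoding the base64 tail yields the original script.
    assert decode_powershell(oneliner.split()[-1]) == PLACEHOLDER_STAGER
```

The round-trip at the bottom is worth keeping in any generator you write: the most common mistake here is UTF-8 encoding, which looks like valid base64 but produces garbage when PowerShell decodes it.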
Also, in the case of the DLL file in the next section, where do I get that file? Is it one of the files that PoshC2 generates? If so, how do I select the correct DLL file?
Correct! Similar to the PS payload, you can use any DLL that calls back to your C2 framework. We used the PoshC2 Sharp_v4_x64.dll file.
In the Red Team Setup part, we need to "Generate an encoded PowerShell oneliner payload", but I didn't see any instructions about how to generate this payload, nor any information about what it is supposed to do. Can someone help me generate this payload?

![apt29](https://user-images.githubusercontent.com/16762995/95899327-6525e000-0d5e-11eb-914f-f70db7105867.png)