BLUESPAWN issues

commit 6248829 BLUESPAWN-client-x86-Release build detected as TrojanDownloader:Win32/Cekar.gen!A by Defender

5

Just a heads up. VT score of 3/68. Likely a false positive due to incorporation of Atomic tests. Given the value of this project though, it would be good to...

keimiller-expediagroup

type/bug

priority/high

difficulty/hard

Agent-Client communications

1

Jack-McDowell

in progress

difficulty/hard

lang/c++

Add coverage map to RTD & update project link on github/wiki pages

1

once the docs get merged into develop

ION28

type/enhancement

difficulty/easy

Setup project donation buttons

ION28

type/enhancement

difficulty/easy

Search for Windows Telemetry persistence

https://github.com/Imanfeng/Telemetry https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/

ION28

type/enhancement

module/configuration

priority/high

module/file-system

difficulty/easy

lang/c++

mode/hunt

platform/client

Search for malicious NPLogonNotifiers

https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy

ION28

type/enhancement

module/configuration

module/file-system

difficulty/easy

lang/c++

mode/hunt

platform/client

More hunts

https://attack.mitre.org/techniques/T1546/002/ https://attack.mitre.org/techniques/T1547/003/ https://attack.mitre.org/techniques/T1197/

Jack-McDowell

type/enhancement

priority/low

in progress

difficulty/easy

lang/c++

mode/monitor

mode/hunt

Look through techniques to identify new hunts

https://docs.rapid7.com/insightidr/windows-suspicious-process

ION28

Actively detect llmnr / wpad poisoning

"detect netbios/LLMNR poisoning by having your endpoint agent issue a request for a non-existent resource. Tools like Responder would respond to this request, giving themselves away. I can say from...

ION28

type/enhancement

module/configuration

difficulty/hard

lang/c++

mode/hunt

platform/client

Create python bindings for key functions in BLUESPAWN DLL

ION28

type/enhancement

priority/high

difficulty/hard

lang/c++

platform/client

integration/agent7

BLUESPAWN
BLUESPAWN copied to clipboard

Metadata

commit 6248829 BLUESPAWN-client-x86-Release build detected as TrojanDownloader:Win32/Cekar.gen!A by Defender

Agent-Client communications

Add coverage map to RTD & update project link on github/wiki pages

Setup project donation buttons

Search for Windows Telemetry persistence

Search for malicious NPLogonNotifiers

More hunts

Look through techniques to identify new hunts

Actively detect llmnr / wpad poisoning

Create python bindings for key functions in BLUESPAWN DLL

← Metadata

Owner

Metadata

BLUESPAWN BLUESPAWN copied to clipboard

Metadata

← Metadata

Owner

Metadata

BLUESPAWN
BLUESPAWN copied to clipboard