This is bi-weekly dispatch is brought to you by the team at Black Harbor. Every other week we share three things. One offensive technique, one defensive technique and some random snippet of something that piqued our interest. It may be a motivational quote, some piece of news or a slice of a product review.
Offense – Python Malware On The Rise
A great analysis of the rise in python malware. This is a great food-for-thought article for developers who are looking to create python implants. Python native executables generally speaking will be larger and use more resources. So you’re sacrificing development speed for operational stealth. I personally enjoy the ease and rapid development of python for engagements where I need something custom but often find that AV will flag most default python executable creations.
Defense – OpenCanary
While OpenCanary is by no means a new tool I have personally seen a rise in Canary software and its use over the course of the years. Strategically I have placed canaries manually as unique strings embedded within file metadata or I have identified unique strings as files move via network logging. OpenCanary simplifies some manual buildout of that by using services that will alert when abused, somewhat like a HoneyPot.
While canaries can become difficult to manage I think they have a purpose if scoped and designed appropriately. A canary firing on a sensitive network share would be a clear sign of activity which is a pretty high fidelity indicator. Think insider threat program.
You don’t need to be a leader to build a team, community or network. My best experience has come from non-traditional mentorship, leadership. Find someone who has a value or ability that you are interested in and ask them about it.
If you find value in this newsletter please consider sharing it to your friends and colleagues. Signup at https://newsletter.blackharbor.io/
View our past dispatches at https://blackharbor.io/category/dispatch/