Tuesday, May 17, 2022

LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript

Liquid Snake

Liquid Snake is a program aimed at performing lateral movement against Windows systems without touching the disk. The tool relies on WMI Event Subscription to execute a .NET assembly in memory. The .NET assembly listens for shellcode on a named pipe and then executes it using a variation of thread-hijacking shellcode injection.
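On the detection side, the WMI Event Subscription step described above leaves Sysmon WMI events (IDs 19, 20 and 21) that can be correlated per host. The following is an added example, not code from LiquidSnake or the original post; the event records are constructed, and their simplified field names, the consumer type labels and the 60-second window are assumptions.

```python
from datetime import datetime, timedelta

# Sysmon WMI event IDs: 19 = filter registered, 20 = consumer registered,
# 21 = consumer bound to filter.
FILTER, CONSUMER, BINDING = 19, 20, 21
SCRIPT_TYPES = {"Script", "Command Line"}  # consumer kinds that run code (assumed labels)
WINDOW = timedelta(seconds=60)             # assumed threshold, tune per environment

# Constructed sample events; field names are simplified, not Sysmon's exact schema.
EVENTS = [
    {"host": "WS01", "id": 19, "time": "2022-05-17T10:00:01", "name": "PatchCheck"},
    {"host": "WS01", "id": 20, "time": "2022-05-17T10:00:02", "name": "PatchRun", "type": "Script"},
    {"host": "WS01", "id": 21, "time": "2022-05-17T10:00:03", "filter": "PatchCheck", "consumer": "PatchRun"},
    # Log-file consumer whose pieces were registered hours apart.
    {"host": "SRV02", "id": 19, "time": "2022-05-17T08:00:00", "name": "DiskWatch"},
    {"host": "SRV02", "id": 20, "time": "2022-05-17T11:30:00", "name": "DiskLog", "type": "Log File"},
    {"host": "SRV02", "id": 21, "time": "2022-05-17T11:30:05", "filter": "DiskWatch", "consumer": "DiskLog"},
    # Orphan binding: its filter and consumer were never logged (collection gap).
    {"host": "WS03", "id": 21, "time": "2022-05-17T12:00:00", "filter": "Ghost", "consumer": "Ghost"},
]

def find_suspicious_subscriptions(events, window=WINDOW):
    """Return alerts for bindings whose consumer runs code and whose filter,
    consumer and binding were all registered on one host within `window`."""
    filters, consumers, alerts = {}, {}, []
    # Timestamps share one ISO format, so string order equals time order.
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == FILTER:
            filters[(ev["host"], ev["name"])] = when
        elif ev["id"] == CONSUMER:
            consumers[(ev["host"], ev["name"])] = (when, ev["type"])
        elif ev["id"] == BINDING:
            f = filters.get((ev["host"], ev["filter"]))
            c = consumers.get((ev["host"], ev["consumer"]))
            if f is None or c is None:
                continue  # incomplete chain: timing cannot be judged, skip
            first = min(f, c[0])
            if c[1] in SCRIPT_TYPES and when - first <= window:
                alerts.append({"host": ev["host"], "filter": ev["filter"],
                               "consumer": ev["consumer"], "type": c[1],
                               "seconds": (when - first).total_seconds()})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_subscriptions(EVENTS):
        print(alert)
```

Bindings skipped as incomplete are worth reviewing separately, since they indicate that filter or consumer registration events were not collected.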

The diagram below (hopefully) clarifies the flow of data:


MDSec – WMI Event Subscription – this tool is merely an implementatio…
