SecSmash: Leveraging Enterprise Tools for command execution, lateral movement and C2

Release

We are releasing the SecSmash tool we announced at BSIDES LV. SecSmash is a framework that allows you to turn centralized management, monitoring, and security tools into C2 infrastructure. Check out the tool on Github: https://github.com/tevora-threat/SecSmash

Secsmash is a modular framework for leveraging credentials to enterprise security tools to own the enterprise. Instead of spinning up your own C2 on a pentest, leverage the C2 that organizations have already deployed.

For full details on the idea behind the tool, and ways it can be used, check out the talk: https://www.youtube.com/watch?v=M6pHI-bwuB4&index=3&list=PLjpIlpOLoRNRf4qID4oeAUvhkSGfWRAnd

We are launching with Carbon Black and Tripwire integration.

The Framework

We've built an HTTP integrator that takes inputs, and extractions to generate new inputs, to drive a chain of HTTP request to authenticate to the target system, enumerate connected hosts, and run commands.

Integrations can also be built from scratch if they match the Integrator interface.

We will be shoring up our documentation in the coming months and are hoping to see community involvement in module creation and sharing!

Kevin Dick

Read more posts by this author.