Passing the OSEP Exam Using Sliver
Tags
attack-pattern: Lsa Secrets - T1003.004 Powershell - T1059.001 Process Hollowing - T1055.012 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Powershell - T1086 Process Hollowing - T1093
Show in Graph
Common Information
Type Value
UUID cdcc9aa7-7e0a-4695-a2c6-ba8cfc61ba5d
Fingerprint 53090d130be7c5e3
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 18, 2023, midnight
Added to db Aug. 31, 2024, 11:02 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Passing the OSEP Exam Using Sliver
Title Passing the OSEP Exam Using Sliver
Detected Hints/Tags/Attributes 71/1/26
Source URLs
Redirection Url
Details Source https://bishopfox.com/blog/passing-the-osep-exam-using-sliver
URL Provider
Details Provider Source level domain
Details bishopfox.com bishopfox.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 444 bishopfox.com https://bishopfox.com/feeds/blog.rss 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 339 
system.net
Details Domain 16 
atexec.py
Details File 14 
reflection.bin
Details File 3 
sc.txt
Details File 1208 
powershell.exe
Details File 3 
printspoofer64.exe
Details File 44 
payload.bin
Details File 1 
c:\windows\tasks\sph.exe
Details File 380 
notepad.exe
Details File 2 
c:\program files\windows defender\mpcmdrun.exe
Details File 32 
powerview.ps1
Details File 1 
sharpsecdump.reg
Details File 14 
atexec.py
Details md5 33 
aad3b435b51404eeaad3b435b51404ee
Details md5 1 
dbd13e1c4e338284ac4e9874f7de6ef4
Details md5 19 
31d6cfe0d16ae931b73c59d7e0c089c0
Details md5 1 
1b16028ab3b7b19abd51b63225ceb3da
Details md5 1 
0e0c802c7b0ce373652f5340c1f0ddb1
Details md5 1 
a2761ac02aeaf49f905242e883378de7
Details sha1 1 
2d9843b971cd6c8edd577e5671319dea3101afe8
Details sha1 1 
60dabb72dc2f90da70c65c97980cad9b70241275
Details IPv4 14 
192.168.56.1
Details IPv4 3 
192.168.56.22
Details IPv4 4 
192.168.56.11
Details Url 1 
http://192.168.56.1:9000/sc.txt
Details Url 1 
http://192.168.56.1:9090/powerview.ps1