Vakaris Žilius

Sorry for the delay, join our slack to get answers faster. We use Apache Tomcat 8.0.36 for tests. You also need to make sure you're running a vulnerable version of...

## Here's a tutorial Apache Tomcat due to its nature to not use specific library for logging is not vulnerable to log4shell exploit, but a lot of people decides to...

Wait, so HTTP and TCP don't work on multiple hops, but together they can do multiple hops? At least 3 hops were working in the past (island -> tunneling 9...

A working, cross-platform script with whitelisting (not production-ready though): ``` from pathlib import Path import os from typing import List import logging logging.basicConfig(level=logging.INFO) logger = logging.getLogger(__name__) ISLAND_WHITELIST = [ "pyinstaller",...

Possible solutions: First and foremost we should consider creating an AV testing environment. So far the candidates: - Opswat cloud with an API - Creating a couple of VM's in...

A list of potential tools to use: - [Invoke-Obfuscation](https://github.com/danielbohannon/Invoke-Obfuscation) - [AVET](https://github.com/govolution/avet) - [BeaEngine](https://github.com/BeaEngine/beaengine) - [ShellterProject](https://www.shellterproject.com/license/)

The whole AV gathering procedure could be potentially improved. Maybe we could utilize a library for AV discovery: https://pypi.org/project/windows-tools.antivirus/ . AV detection should also trigger a new [Software discovery](https://attack.mitre.org/techniques/T1518/001/) attack...

Possible solution: https://github.com/citronneur/rdpy/tree/python3 but we need to wait until this is finished (if ever). No other alternatives found :/

Found this one, but not sure if and how this could be used as a library https://github.com/FreeRDP/FreeRDP

Use environmental variables on windows as well (passing CMD parameter is also an option, but we should strive for a consistent interface between different agents). Windows command can look something...