Most Hackers Use OST Projects in Their Jobs
The cyber community has long been fighting over the open sourcing of offensive hacking tools. It’s divided into two groups while arguing over this topic, where one side says this helps to prepare networks and systems against future attacks, and the other argues about simplifying the hacker’s job. While both are reasonable, these were just debated based on the personal opinions of either side, without referencing any offical reports. Thus, to make it clear, Paul Litvak from Intezer Labs has released a report, that’s made from researching on 129 open source offensive hacking tools and some malware samples.
His report covered the usage of these tools by low-level hackers to professional cyber attackers to APTs (nation-state backed hackers). From the reports, it’s found that the popular groups like TrickBot and DarkHotel have used the open-source tools made by cybersecurity researchers. They’ve used tools for memory injection, remote accessing and moving across the network. In that, the popular tools were the ReflectiveDllInjection library and MemoryModule library for memory injection and Powersploit, Empire and Quasar were are being used as popular RAT tools. In terms of lateral movement, Mimikatz is recorded as a popular tool. For UAC bypass libraries, the UACME library termed as most popular overall, but for Asian hacking groups, it’s the Win7Elevate probably because of Windows 7’s dominance in the region. Litvak has also suggested some tips on how to thwart these problems. He said that implementing complex features that makes it hard for understanding can avoid at least some of the projects from exploiting. This code complexity concept was tried by Mimikatz author and should be tried by other security researchers who wanted to make their own offensive hacking tools open.