September 25, 2024 at 10:21AM
Cybersecurity researchers discovered a new post-exploitation tool, Splinter, with features commonly found in penetration testing tools, developed in Rust. While not as advanced as others, it poses a threat if misused. No threat actor activity has been detected, but its large size suggests potential for cloud and data compromise. This underscores the need for up-to-date prevention and detection capabilities.
Key takeaways from the meeting notes:
– The discovery of a new post-exploitation red team tool called Splinter in the wild, developed using the Rust programming language.
– Splinter, while not as advanced as other well-known post-exploitation tools like Cobalt Strike, presents a potential threat if misused.
– The large size of Splinter, around 7 MB, is due to the presence of 61 Rust crates within it.
– Splinter comes with a configuration that includes information about the C2 server and is controlled by a task-based model.
– Functions of Splinter include executing Windows commands, running modules via remote process injection, uploading and downloading files, collecting cloud service account info, and self-deleting from the system.
– The disclosure is accompanied by details of attack methods that could be exploited by threat actors to achieve stealthy code injection and privilege escalation.
– Security researchers have shed light on new process injection techniques, such as Thread Name-Calling, and emphasized the importance of staying up to date on prevention and detection capabilities.
For more exclusive content, follow on Twitter and LinkedIn.