Summary
This release provides the first .NET Native Ahead-of-Time (AOT) compiled payload for SpecterInsight, in support of our goal of providing defense evasion out of the box. Additionally, we fixed a number of bugs and published 7 new SpecterScripts that add new techniques for lateral movement and persistence. Please see the notes below for the full details.
Release Notes
Features
- The SpecterInsight Server now automatically adds a Firewall exception if run as Administrator.
- New Payloads
  - Native Ahead-of-Time (AOT) Payload
  - CSharp Source Code
  - URLs for various payloads
SpecterScripts
- Remote Command using WMI via Commandline
- Remote Command using WMI via API
- Lateral Movement with WMI and PowerShell Cradle via Commandline
- Lateral Movement with WMI and PowerShell Cradle via API
- Lateral Movement Using Service Control Manager and Custom Binary (PSExec)
- Persistence Using Service Control Manager and Custom Binary
- Improved Get Detailed Process Information output formatting
Bug Fixes
- Fixed bug where nested strings in SpecterScript parameters caused a parsing exception.
- Fixed bug in Port Scan Target System SpecterScript where it did not load dependencies.
- Fixed bug where Build suggestions did not populate in the command builder.
- Fixed bug where Port Forward UI would not enable the “Add” button.
- Fixed bug where multiple tunnels would result in collisions internally.