Windows BITS Inject

SafeBreach Labs has updated the Hacker's Playbook™ with simulations for US-CERT Technical Alert Alert TA17-164A, which covers malicious cyber activity referred to as HIDDEN COBRA. Customers can use these simulations to safely test their security controls against the specific tactics and techniques used in this campaign.

The campaign often targets Adobe Flash player vulnerabilities to gain initial entry, after which various malware samples are used to perform attacks ranging from DDoS/disruptive attacks, to data exfiltration.

To assess security control effectiveness against techniques involved in the HIDDEN COBRA campaigns, the SafeBreach Breach and Attack Simulation Platform specifically tests the following endpoint and network security controls:

Playbook #1326 - Suspicious files

• Endpoint controls - Is the installation of suspicious files related to HIDDEN COBRA attacks being stopped?

Playbook #1327, #1329 - Adobe Flash exploit tools

• Network controls - Are controls in place that prevent the download of exploit tools that target Adobe Flash?

Additional breach methods added recently include:

• PowerPoint Mouse-over
• JAFF
• WannaCry Ransomware

The SafeBreach Hacker's Playbook™ of breach methods simulates these breach scenarios, and thousands more, without impacting users or infrastructure. Breach methods are constantly updated by SafeBreach Labs, our team of offensive security researchers, to help keep customers ahead of attacks.