0
  • Home
  • Blog
  • DVS - D(COM) V(ulnerability) S(canner) AKA Devious swiss army knife

DVS - D(COM) V(ulnerability) S(canner) AKA Devious swiss army knife

(340 views)

Did you ever wonder how you can move laterally through internal networks? or interact with remote machines without alerting EDRs? Let's assume that we have valid credentials or an active session with access to a remote machine, but we are without an option for executing a process remotely in a known, expected, or a highly-monitored method (i.e. WMI, Task Scheduler, WinRM, PowerShell Remoting). For these scenarios, the DVS framework comes to the rescue. https://github.com/ScorpionesLabs/DVS The DVS framework is a swiss army knife that allows you to enumerate vulnerable functions of remote DCOM objects, launch them and even launch attacks using them. The framework is being developed with a "Red Team" mindset and uses stealth methods to compromise remote machines. The DVS framework contains various ways to bypass remote hardening against DCOM by re-enabling DCOM access remotely and automatically grant the required permissions to the attacking user. The framework can also....

Read the rest of this story with a free account.

Already have an account? Sign in

October 13, 2020
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Get unlimited access

Become an Instructor

Become a Reviewer

Writing on Hakin9

LOOKING for a JOB in IT security?



© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
Please review your information and consent to the processing of your personal data.(Required)
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?
Please review your information and consent to the processing of your personal data.(Required)

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.