Post-Exploitation
Ransomware gangs increasingly use Skitnet post-exploitation malware
Ransomware gang members increasingly use a new malware called Skitnet (“Bossnet”) to perform stealthy post-exploitation activities on breached networks. The malware has been offered for sale on underground forums like RAMP since April 2024, but according to Prodaft researchers, it started gaining significant traction among ransomware gangs since early 2025. Prodaft told GeekFeed they have observed […]
New Specula tool uses Outlook for remote code execution in Windows
Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named “Specula,” released today by cybersecurity firm TrustedSec. This C2 framework works by creating a custom Outlook Home Page using WebView by exploiting CVE-2017-11774, an Outlook security feature bypass vulnerability patched in October 2017. “In […]