Reply to post: How is this new?

Revealed: Malware that skulks in memory, invisibly collecting sysadmins' passwords

Anonymous Coward

How is this new?

Meterpreter has existed for a very long time now, and is well known for being memory resident, which is why you can bypass 'traditional' AV which usually looks at binaries on disk access. Wrap your meterpreter payload in msfvenom or veil-evasion and voila - you have an AV bypass. Invoking mimikatz with powershell to dump the credentials is also a common pentester habit - but again, hardly new.


Biting the hand that feeds IT © 1998–2021