Executing MIMIKATZ & Password Scraping via NPM ‘Postinstall’ Script – SentinelOne’s Demo – Forensics
January 8, 2024
In this video, we explore a critical aspect of software security: the execution of malicious programs through 'postinstall' scripts in npm packages. SentinelOne sheds light on how threat actors can leverage these scripts, typically used in Node.js development, to launch attack tools such as Mimikatz. We analyze the potential risks when these scripts are run with the same permissions as the npm installation.
The demonstration includes a scenario where a trojanized npm package uses the 'postinstall' functionality to trigger malicious code. We walk you through the process, showing how the package's index.js file can play a pivotal role in spreading the attack, reaching out to public paste sites like Pastebin and GitHub to stage and execute harmful code.
The video emphasizes the need for stronger security measures in npm package management and provides insights into recognizing attack indicators. It highlights the importance of a robust security platform capable of autonomously detecting and responding to such threats.
Join us in this technical journey as we dissect the steps of executing a PowerShell command to download and run Mimikatz from a public GitHub repository, all initiated by a seemingly harmless npm package installation.
This video is not just about understanding the risk but also about learning how to protect against such sophisticated attack vectors in software development.
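A defender-side check for the pattern described above, added here as an example that is not from the video or from SentinelOne: it audits a package's auto-run lifecycle hooks and, when a hook is `node <file>`, also scans that file for the indicators the description names. The function names, the indicator list and both sample packages are assumptions constructed for this example.

```javascript
// Lifecycle hooks that npm runs automatically during `npm install`.
const AUTO_RUN_HOOKS = ["preinstall", "install", "postinstall"];

// Heuristic indicators (assumptions for this example), based on the behaviours
// the description names: PowerShell launched from node, paste/raw hosts.
const INDICATORS = [
  { name: "child-process", re: /\bchild_process\b/ },
  { name: "powershell", re: /\b(powershell|pwsh)(\.exe)?\b/i },
  { name: "paste-or-raw-host", re: /\b(pastebin\.com|raw\.githubusercontent\.com)\b/i },
];

function matchIndicators(text) {
  return INDICATORS.filter((i) => i.re.test(text)).map((i) => i.name);
}

// manifest: parsed package.json; files: { relativePath: sourceText } for the package.
function auditPackage(manifest, files = {}) {
  const findings = [];
  for (const hook of AUTO_RUN_HOOKS) {
    const command = (manifest.scripts || {})[hook];
    if (typeof command !== "string") continue;
    const indicators = new Set(matchIndicators(command));
    // If the hook is `node <file>`, the behaviour lives in that file, so scan it too.
    const m = command.match(/^\s*node\s+(?:\.\/)?([\w./-]+\.c?js)\b/);
    const target = m ? m[1] : null;
    if (target && typeof files[target] === "string") {
      matchIndicators(files[target]).forEach((n) => indicators.add(n));
    }
    findings.push({
      package: manifest.name, hook, command, target,
      indicators: [...indicators].sort(),
      verdict: indicators.size ? "suspicious" : "review",
    });
  }
  return findings;
}

// Constructed sample input (not taken from the video); the payload string is inert.
const SAMPLE_TROJANIZED = {
  manifest: { name: "example-trojanized-pkg", scripts: { postinstall: "node index.js" } },
  files: { "index.js": 'require("child_process").exec("powershell.exe -Command <fetch from https://pastebin.com/raw/EXAMPLE>");' },
};
const SAMPLE_BENIGN = {
  manifest: { name: "example-native-addon", scripts: { install: "node-gyp rebuild", test: "mocha" } },
  files: {},
};

console.log(JSON.stringify(auditPackage(SAMPLE_TROJANIZED.manifest, SAMPLE_TROJANIZED.files), null, 2));
console.log(JSON.stringify(auditPackage(SAMPLE_BENIGN.manifest, SAMPLE_BENIGN.files), null, 2));
```

Installing with `npm install --ignore-scripts` keeps these hooks from running while a package is being reviewed.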