The Shadowbunny TTP in the PenTest Magazine
The latest edition of the PenTest Magazine features an article of mine about using virtual machines (VMs) during lateral movement to establish persistence and evade detections.
A few years back, when I came up with the idea of using VMs for lateral movement during red teaming, I called it the Shadowbunny TTP, and that name stuck around in my head. The article also has more info on the origin of the name.
Real-world adversaries have been using VMs as well, including the Ragnar Locker Ransomware, and it’s time to shine more light on this, so that we have better chances of detecting such attacks.
At a high level, the article walks the reader through creation, installation, configuration, and pivoting steps for a custom Shadowbunny VM using VirtualBox. It also discusses techniques and ideas for detections.
You can get the magazine including the Shadowbunny article and many other great works here:
Future information about the Shadowbunny technique
Watch out for more information about the Shadowbunny TTP on this blog and my Twitter in future.
Thanks to Bartek and the rest of the amazing PenTest Magazine team for their help in getting this published.