Offensively Groovy
ID: fdd11288-1a62-5b5c-8d20-123029ec9228
STIX ID: report--fdd11288-1a62-5b5c-8d20-123029ec9228
Feed Name: TrustedSec blog
This red-team report describes compromising a Jenkins admin account and demonstrates post-exploitation using Groovy and Java Native Access (JNA) on Windows: host enumeration, file reading, process listing, in-memory code injection (VirtualAlloc/Write/VirtualProtect/CreateThread), DLL loading via Native.load, and service creation for persistence. The document includes code snippets and a link to a repository with the full scripts.
