Inside Out Insights

Recently, we discussed various methods of persistence on corporate devices and a colleague of mine mentioned a tool he had written. We weren't certain if we could use this to our advantage, but we explored the possibility of exploiting Electron applications further.

All the methods proposed in this blog post (DLL Hijacking, Remote Debugging Protocol, Beemka) are not new and have already been extensively documented elsewhere. But as it took me a long time to recompile a current list of possible methods, I wanted to provide one reference point for Electron post-exploitation for persistence.

Read more...

I had some issues with two-factor authentication on a Synology NAS. It wasn't recognizing any second factors, so I couldn't log in to my computer.

Luckily for me, I have SSH access with public/private keys in place and full root access to the NAS.

Read more...

tl;dr: I got bored the other day and wanted to reverse some firmware. Why not target a device a friend owned? This was the beginning of the Zyxel Backdoor Hell of 2021-2022. If you have a Zyxel device and have shell access, check for the user NsaRescueAngel and whether there is a password set in /etc/shadow.

Read more...