During red team engagements, once the first machine has been compromised, it is worth setting up a tunnel to simplify and speed up further reconnaissance of the internal network. Using a SOCKS proxy with Metasploit is not an optimal solution, since scanning the network for the next target takes a lot of time. In such a situation it is worth looking for an alternative that improves efficiency. An ideal tool here is Ligolo-ng: a simple, lightweight and fast tool that establishes TCP/TLS tunnels over a tun interface, with no need for SOCKS.
However, the tool is well known not only to pentesters but also to security analysts, so its binaries are readily detected by various antivirus products, including Windows Defender.
In this article, I will show how to bypass Windows Defender detection using an additional tool called ThreatCheck. The method described worked well during my recent tests.