More hackers adopt Sliver toolkit as a Cobalt Strike alternative
2022-08-25 12:28

The open-source, cross-platform kit called Sliver is becoming an attractive alternative.

A report from Microsoft notes that hackers, from state-sponsored groups to cybercrime gangs, are increasingly using the Go-based Sliver security testing tool, developed by researchers at the cybersecurity company BishopFox, in their attacks.

Although Sliver is a novel threat, there are methods to detect malicious activity caused by the framework as well as by stealthier threats.

Microsoft provides a set of tactics, techniques, and procedures that defenders can use to identify Sliver and other emerging C2 frameworks.

Because the Sliver C2 network supports multiple protocols, accepts implant and operator connections, and can host files to mimic a legitimate web server, threat hunters can set up listeners to identify anomalies on the network that point to Sliver infrastructure.

For Sliver malware payloads that don't have much context, Microsoft recommends extracting configurations when they're loaded into memory since the framework has to de-obfuscate and decrypt them to be able to use them.


News URL

https://www.bleepingcomputer.com/news/security/more-hackers-adopt-sliver-toolkit-as-a-cobalt-strike-alternative/