
Automate Lateral Movement : hacking | Torhoo darknet markets

Hi, is it possible to develop malware that automatically pivots from one host to another host inside a subnet? Can someone give references from some APTs/threat actors to learn? Thanks in advance
/u/noco2fast
1 points
5 days ago
yeah it’s possible, look into lateral movement techniques.
u can also check out tools like Cobalt Strike, Impacket, BloodHound, and PsExec.
for real-world APT refs, study APT29, FIN7, and so...
MITRE ATT&CK has detailed TTPs: https://attack(dot)mitre(dot)org/tactics/TA0008/
/u/AutoModerator M
1 points
5 days ago
[removed by moderators]
/u/R4xd0ll 📢 🍼
1 points
3 days ago
thanks mate, I have tried the Impacket suite and BloodHound but so far didn't find a feature for automatic lateral movement. My goal is creating an agent that can move to another host inside a network
/u/Security101 P
1 points
4 days ago
Some of them exist but not on public platforms.
/u/R4xd0ll 📢 🍼
1 points
3 days ago
any suggestion where to find them?
/u/Security101 P
1 points
3 days ago
I am not allowed to share links to platforms but this will help.

Real APT Examples to Study
APT29 (Cozy Bear / Nobelium)
Known for stealthy lateral movement using token impersonation and WMI.

Used legitimate tools like Rubeus, Cobalt Strike, and Kerberos abuse.

Reference: Mandiant APT29 Report

APT10 (Stone Panda / China)
Lateral movement via logon scripts, scheduled tasks, and remote desktop abuse.

Used DLL side-loading to hide presence.

Reference: Operation Cloud Hopper

WannaCry & NotPetya (Russia/North Korea)
Not true APTs, but both wormed through SMBv1 EternalBlue exploits.

Demonstrated automated subnet-wide pivoting via unpatched systems.

UNC1878 / Wizard Spider (Ryuk / Trickbot operators)
Used automated tools like BloodHound, PowerShell Empire, and custom scripts to auto-pivot across hospitals and enterprises.

Ref: CrowdStrike Threat Intelligence

Learning Resources & Tools

Tools Used in Auto-Lateral Frameworks

Impacket (Python toolkit: WMIExec, SMBExec, etc.)

CrackMapExec

SharpHound (BloodHound collector)

Cobalt Strike Aggressor scripts

Metasploit’s AutoRoute + autorunscripts

Learn From:

MITRE ATT&CK – Lateral Movement Techniques

Red Team Operator’s Manual

GitHub repositories:

https://github.com/byt3bl33d3r/CrackMapExec

https://github.com/SecureAuthCorp/impacket

https://github.com/BC-SECURITY/Empire
/u/AutoModerator M
1 points
3 days ago
All links require moderator approval.

This comment was posted automatically by a bot. All AutoModerator settings are configured by individual communities. Contact this community's Moderators to have your post approved if you believe this was in error.