Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications


Feb 13, 2025 - 08:50

Hackers have been leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications.

Pyramid, first released on GitHub in 2023, is a Python-based post-exploitation framework designed to evade endpoint detection and response (EDR) tools.

Its lightweight HTTP/S server capabilities make it an attractive choice for malicious actors seeking to minimize detection.

Pyramid relies on Python's legitimate presence in many environments: a Python-based HTTP/S server delivers files and acts as the C2 endpoint for offensive operations.

The framework includes modules that load well-known tools like BloodHound, secretsdump, and LaZagne directly into memory.

Security analysts at Hunt.io identified that this in-memory execution allows operators to act within the context of a signed Python interpreter, potentially bypassing traditional endpoint security measures.

Pyramid README Screenshot (Source – Hunt.io)

Detection Opportunities

Pyramid servers can be identified by their HTTP responses. An unauthenticated request to a suspected Pyramid server is answered with response headers that exhibit distinct characteristics:

Server: BaseHTTP/0.6 Python/3.10.4
Date:
WWW-Authenticate: Basic realm="Demo Realm"
Content-Type: application/json

The server also returns a JSON response body:

{
  "success": false,
  "error": "No auth header received"
}

Pyramid C2 HTTP 401 Response (Source – Hunt.io)

Recent scans have identified several IP addresses associated with Pyramid servers, including 104.238.61[.]144, 92.118.112[.]208, and 45.82.85[.]50.

These servers were linked to domains resembling DevaGroup, an internet marketing service, though no malicious samples have been found yet.

Pyramid C2 Servers Tracked (Source – Hunt.io)

Technical Details for Detection:

  • HTTP Status Code: 401 Unauthorized
  • Response Body Hash (SHA-256): 54477efe7ddfa471efdcc83f2e1ffb5687ac9dca2bc8a2b86b253cdbb5cb9c84
  • Server Header: BaseHTTP/0.* Python/3.*
  • Authentication and Content Headers: WWW-Authenticate: Basic realm="Demo Realm" and Content-Type: application/json
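The following script applies the indicators above (status code, Server header, "Demo Realm" challenge, JSON content type, error body and body hash) to raw HTTP responses. It is an added example written for this page, not code from Hunt.io or the Pyramid project; the two sample responses are constructed for the demonstration and are not real captures. The body hash is matched as a separate, exact-bytes signal because any change in JSON whitespace produces a different digest, so the verdict relies on the parsed fields instead. Note that "BaseHTTP/0.6 Python/3.x" is the default Server header of Python's http.server module, so that header alone is not sufficient; the second sample shows a non-Pyramid Python service that shares it.

```python
"""Fingerprint raw HTTP responses against the Pyramid C2 indicators.

Added example for this page; sample responses below are constructed, not real.
"""
import hashlib
import json
import re
from dataclasses import dataclass

# Indicators taken from the report. The hash is an exact-match signal only.
KNOWN_BODY_SHA256 = {
    "54477efe7ddfa471efdcc83f2e1ffb5687ac9dca2bc8a2b86b253cdbb5cb9c84",
}
SERVER_RE = re.compile(r"^BaseHTTP/0\.\d+ Python/3\.\d+(\.\d+)?$")
REALM_RE = re.compile(r'^Basic realm="Demo Realm"$', re.IGNORECASE)


@dataclass
class Verdict:
    status_401: bool
    python_basehttp: bool
    demo_realm: bool
    json_content_type: bool
    pyramid_error_body: bool
    body_sha256: str
    known_body_hash: bool

    @property
    def matched(self) -> bool:
        # All structural checks must hold. The Server header by itself is
        # just the http.server default and would match any such service.
        return (self.status_401 and self.python_basehttp and self.demo_realm
                and self.json_content_type and self.pyramid_error_body)


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status code, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def fingerprint(raw: bytes) -> Verdict:
    """Evaluate every indicator independently and return the per-check result."""
    status, headers, body = parse_response(raw)
    try:
        doc = json.loads(body.decode("utf-8"))
    except (ValueError, UnicodeDecodeError):
        doc = None
    # Compare parsed fields rather than raw bytes so formatting differences
    # (indentation, trailing newline) do not hide a match.
    body_is_pyramid = (isinstance(doc, dict) and doc.get("success") is False
                       and doc.get("error") == "No auth header received")
    digest = hashlib.sha256(body).hexdigest()
    return Verdict(
        status_401=status == 401,
        python_basehttp=bool(SERVER_RE.match(headers.get("server", ""))),
        demo_realm=bool(REALM_RE.match(headers.get("www-authenticate", ""))),
        json_content_type=headers.get("content-type", "").startswith("application/json"),
        pyramid_error_body=body_is_pyramid,
        body_sha256=digest,
        known_body_hash=digest in KNOWN_BODY_SHA256,
    )


# Constructed sample: a response shaped like the one described in the report.
PYRAMID_LIKE = (
    b"HTTP/1.0 401 Unauthorized\r\n"
    b"Server: BaseHTTP/0.6 Python/3.10.4\r\n"
    b"Date: Thu, 13 Feb 2025 08:50:00 GMT\r\n"
    b'WWW-Authenticate: Basic realm="Demo Realm"\r\n'
    b"Content-Type: application/json\r\n"
    b"\r\n"
    b'{"success": false, "error": "No auth header received"}'
)

# Constructed sample: another Python http.server app that also answers 401,
# sharing the Server header but not the realm or the JSON error body.
OTHER_PYTHON_APP = (
    b"HTTP/1.0 401 Unauthorized\r\n"
    b"Server: BaseHTTP/0.6 Python/3.10.4\r\n"
    b'WWW-Authenticate: Basic realm="Restricted"\r\n'
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>401</body></html>"
)

if __name__ == "__main__":
    for name, raw in (("pyramid-like", PYRAMID_LIKE), ("other-python-app", OTHER_PYTHON_APP)):
        v = fingerprint(raw)
        print(f"{name}: matched={v.matched} server_ok={v.python_basehttp} "
              f"realm_ok={v.demo_realm} body_sha256={v.body_sha256} "
              f"known_hash={v.known_body_hash}")
```

Feeding the script real responses from a scanner or proxy capture gives one verdict per host; the `known_body_hash` field reports separately whether the body bytes match the published digest, and `matched` is the structural verdict to pivot on.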

These parameters can be combined into structured queries against internet scan data to enumerate Pyramid-related infrastructure.

Combining the authentication challenge, the response headers and the specific error message improves detection fidelity and reduces false positives: the Server header on its own is the default emitted by Python's http.server module and therefore matches any service built on it, so the "Demo Realm" challenge and the JSON error body are the discriminating indicators.

As open-source offensive security tools continue to advance, tracking similar implementations will provide early warnings of new infrastructure and refine detection methodologies.


The post Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications appeared first on Cyber Security News.