ClickFix is a method of social engineering that has been becoming more popular recently as a method to distribute malware. It is especially interesting as instead of relying on any software exploit for stage four of the Cyber Kill Chain, it instead exploits the user through social engineering.

Let’s take a look at an example from the site https://vtmarkets[.]top/:

As we can see, the site presents us with a captcha button to press, something that most people interact with mindlessly every day.

A while ago I stumbled upon a great article by Alex Henderson here about using Discord as a platform to receive notifications on SSH login activity. This was incredibly useful in a blue team CTF I took part in a few months ago, as it gave us real-time notifications of the red team’s activity on our systems. This allowed us to respond to incidents quickly. One issue we did face in the competition when using this method was that implementing it on the dozens of machines under our control took a long time, so during the competition I threw together a bash script that would perform all the necessary steps to get this working on a system. This script was however very quick & dirty and not worthy of being shared, but I thought I should create a better version after the competition ended.