.. /StaqLab
Star

Access
Exfiltration
Phishing

Staqlab enables insider threats and threat actors to create fake account on the website as there is no validation for account registration. In the Domains Section, threat actors can define dedicated tunnels subdomain name. Using the token for the authorization on the local system will enable them to connect to dynamically generated domains or else specified domains.

Paths:

Acknowledgements:

Detections:

Access

  1. This will register the local staqlab-tunnel.exe with the registered account.

    staqlab-tunnel.exe token=<AUTH TOKEN>
    Use case
    Authenticating, generating and accessing the URL.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux, Raspberry Pi

Exfiltration

  1. This will create a tunnel to the port defined.

    staqlab-tunnel.exe port=<PORT>
    Use case
    Exposing the local server running on local port over dynamic Staqlab Tunnels.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux, Raspberry Pi

Phishing

  1. Exposing the local server running on local port over Staqlab Tunnels having static domain names defined in the dashboard. This can be used in Phishing Campaigns. However, the dynamically generated links can also be used for the same purpose.

    staqlab-tunnel.exe port=<PORT> domain=<DOMAIN>
    Use case
    Exposing the local server running on local port over static Staqlab Tunnels.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux, Raspberry Pi