Pronico

From Enlace Hacktivista

Pronico operates the Fenix mine in Guatemala, which has a long history of human rights abuses, environmental damage, and resistance by the surrounding communities.

Media Coverage

English:

Spanish:

Hack

The hack was done by a group calling themselves Guacamaya.

Video

The hackers published a video showing in detail how they hacked Pronico, downloaded files and emails to leak, and then repeatedly sabotaged the company's computers over the course of 6 months. It can be downloaded here or watched here. Credits for the video's soundtrack are available here.

Video Timeline

0:51    Introduction
2:05    ProxyLogon
5:35    Other methods of initial access
7:15    Get Domain Admin via dumping LSA secrets
13:35   Lateral movement onto other servers
15:40   Backdooring a switch
21:42   Golden Tickets
25:08   EternalBlue
32:56   Enabling WDigest and dumping passwords with mimikatz
33:53   Grabbing VPN and saved browser passwords of sysadmin
40:26   Scanning for SMB shares
42:45   Exfiltrating files
49:09   Enabling file sharing via group policy
54:35   Exfiltrating e-mail
1:03:22 Wiping company's storage servers
1:11:31 Wiping computers with Kaspersky
1:13:07 Wiping servers using diskpart
1:14:46 Wiping Office 365
1:24:16 Wiping Windows domain with BitLocker
1:40:28 Stealthy persistence and avoiding AV with dnscat2
1:45:28 Avoiding AV with mimikatz
1:47:03 Wiping storage servers via iSCSI
2:06:18 Avoiding AV to exploit PrintNightmare
2:13:35 Wiping Windows domain with sdelete