{"id":47589,"date":"2022-07-20T00:00:00","date_gmt":"2022-07-20T00:00:00","guid":{"rendered":"urn:uuid:ac8155fe-782f-6041-a012-9310af5e7271"},"modified":"2022-07-20T00:00:00","modified_gmt":"2022-07-20T00:00:00","slug":"analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/","title":{"rendered":"Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/g\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/PENTESTTN.jpg\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/g\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/PENTESTTN.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>The use of legitimate Windows tools as part of malicious actors\u2019 malware arsenal has become a common observation in cyber incursions in recent years. We\u2019ve discussed such use in a previous <a href=\"https:\/\/www.trendmicro.com\/vinfo\/br\/security\/news\/cybercrime-and-digital-threats\/updated-analysis-on-nefilim-ransomware-s-behavior\" target=\"_blank\" rel=\"noopener\">article<\/a> where <a href=\"https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/psexec\" target=\"_blank\" rel=\"noopener\">PsExec<\/a>, <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/wmisdk\/wmi-start-page\" target=\"_blank\" rel=\"noopener\">Windows Management Instrumentation<\/a> (WMI), simple batch files or third-party tools such as <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/PUA.Win64.PCHunter.A\/\" target=\"_blank\" rel=\"noopener\">PC Hunter<\/a> and <a href=\"https:\/\/processhacker.sourceforge.io\/\" target=\"_blank\" rel=\"noopener\">Process Hacker<\/a> were used to disable endpoint security products, move laterally across networks, and exfiltrate information, among others. We have also extensively discussed legitimate tools that malicious actors <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/locked-loaded-and-in-the-wrong-hands-legitimate-tools-weaponized-for-ransomware-in-2021\" target=\"_blank\" rel=\"noopener\">weaponized for ransomware<\/a> in 2021.<\/p>\n<p>We uncovered two Python tools, Impacket and Responder, in our latest investigation. While the two are not new, they are nonetheless worth noting since both are normally used for penetration testing. Knowing that cybercriminals often upgrade their tactics, techniques, and procedures (TTPs) to broaden their scope and stay competitive, system defenders these days have come to expect attackers\u2019 crafty use of legitimate tools for nefarious ends.<\/p>\n<p><span class=\"body-subhead-title\">Impacket and Responder defined<\/span><\/p>\n<p>SecureAuth, the developer of <a href=\"https:\/\/www.secureauth.com\/labs\/open-source-tools\/impacket\/\" target=\"_blank\" rel=\"noopener\">Impacket<\/a>, defines it as a set of Python classes for working with network protocols. It offers low-level programmatic access to the packets and some protocols (such as <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-server\/storage\/file-server\/file-server-smb-overview\" target=\"_blank\" rel=\"noopener\">SMB<\/a> and <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/rpc\/rpc-start-page\" target=\"_blank\" rel=\"noopener\">MSRPC<\/a>) or the protocol implementation itself. It also provides tools that enable a user to accomplish remote execution such as smbexec.py for use when the target machine does not have an available writeable share.<\/p>\n<p>Responder, on the other hand, is a <a href=\"https:\/\/github.com\/lgandx\/Responder\" target=\"_blank\" rel=\"noopener\">Windows environment takeover tool<\/a> that is widely used for internal penetration testing. According to <a href=\"https:\/\/attack.mitre.org\/software\/S0174\/\" target=\"_blank\" rel=\"noopener\">MITRE ATT&amp;CK\u00ae<\/a>, the main purpose of this open-source tool is to \u201cpoison name services to gather hashes and credentials from systems within a local network.\u201d Once the attackers poison the name services, Responder harvests the hashes and credentials. The tool is also used to poison <a href=\"https:\/\/www.microsoft.com\/en-us\/research\/publication\/link-local-multicast-name-resolution-llmnr\/#:~:text=The%20goal%20of%20Link%2DLocal,with%20a%20distinct%20resolver%20cache.\" target=\"_blank\" rel=\"noopener\">LLMNR<\/a>, <a href=\"https:\/\/www.techtarget.com\/searchnetworking\/definition\/NetBIOS#:~:text=NetBIOS%20(Network%20Basic%20Input%2FOutput%20System)%20is%20a%20network,%2C%20IBM%2Ddeveloped%20PC%20networks.\" target=\"_blank\" rel=\"noopener\">NBT-NS<\/a> and <a href=\"https:\/\/www.ionos.com\/digitalguide\/server\/know-how\/multicast-dns\/\" target=\"_blank\" rel=\"noopener\">MDNS<\/a> with built-in HTTP, SMB, MSSQL, FTP, and LDAP rogue authentication server supporting NTLMv1, NTLMv2\/LMv2, Extended Security NTLMSSP, and basic HTTP authentication. Many consider it as an essential penetration-testing tool.<\/p>\n<p>While there is more mention of Windows tools, Linux is just as vulnerable to such surreptitious methods. There is, in fact, a <a href=\"https:\/\/gtfobins.github.io\/\" target=\"_blank\" rel=\"noopener\">long list<\/a> of Linux binaries that malicious actors can exploit \u201cto&nbsp; break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate other post-exploitation tasks.\u201d&nbsp; Malicious actors inevitably vascillate between Windows and Linux nowadays as the use of cloud technology and the implementation of remote work continue to expand.<\/p>\n<p>That Python runs on both Windows and Linux makes our findings significant. While organizations leverage the versatility of using both systems, this versatility is a double-edged sword in that it also provides more opportunities for cybercriminals to launch attacks, as we show in our findings.<\/p>\n<p><span class=\"body-subhead-title\">Stages of investigation: Key findings<\/span><\/p>\n<p>Since malicious actors stealthily employed legitimate tools in many stages of the attacks, detecting incursions from the samples we saw was tricky. The threat hunting team\u2019s investigation was triggered by the following event, which was observed in multiple hosts:<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/g\/analyzing-penetration-testing-tools-that-threat-actors-use-to-br.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We discovered the use of two Python penetration-testing tools, Impacket and Responder, that malicious actors used to compromise systems and exfiltrate data. We share our key findings in this report. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":47590,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9555,9523,9509],"class_list":["post-47589","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-exploitsvulnerabilities","tag-trend-micro-research-network","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-07-20T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/g\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/PENTESTTN.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data\",\"datePublished\":\"2022-07-20T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\\\/\"},\"wordCount\":508,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data.jpg\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Exploits&amp;Vulnerabilities\",\"Trend Micro Research : Network\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\\\/\",\"name\":\"Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data.jpg\",\"datePublished\":\"2022-07-20T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data.jpg\",\"width\":641,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/","og_locale":"en_US","og_type":"article","og_title":"Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-07-20T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/g\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/PENTESTTN.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data","datePublished":"2022-07-20T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/"},"wordCount":508,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/07\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data.jpg","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Exploits&amp;Vulnerabilities","Trend Micro Research : Network","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/","url":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/","name":"Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/07\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data.jpg","datePublished":"2022-07-20T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/07\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/07\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data.jpg","width":641,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/analyzing-penetration-testing-tools-that-threat-actors-use-to-breach-systems-and-steal-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=47589"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47589\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/47590"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=47589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=47589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=47589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}