Ligolo-ng is a tunneling and pivoting tool for accessing internal networks through reverse TCP/TLS connections. Unlike SOCKS proxies, it uses a TUN interface to route traffic within compromised environments. This makes it useful to security professionals running penetration tests, as it allows for efficient lateral movement and network exploration.
Ligolo-ng has several features that make it useful for security assessments. It has a simple UI with agent selection and network info display, so it’s easy to use for both beginners and experienced users. It supports automatic certificate configuration with Let’s Encrypt, so you don’t have to manage certificates manually. It also has multiplexing capabilities, so you can carry multiple connections over a single tunnel, and it doesn’t require elevated privileges to work. The agent is compatible with multiple platforms, so it’s versatile across different network environments.
Use in Offensive Security
In offensive security scenarios, Ligolo-ng is used to establish tunnels from compromised machines back to the attacker’s infrastructure. This allows the attacker to pivot into internal networks, do reconnaissance and exploit additional systems. It creates a userland network stack using gVisor, so you can run Nmap without proxychains, which simplifies and accelerates the assessment.
Detection and Mitigation Challenges
Although it is used in legitimate penetration testing, Ligolo-ng can also be used by malicious actors, which creates detection challenges. The use of TLS and legitimate-looking traffic patterns makes it hard for traditional security solutions to detect unauthorized usage. Security teams must use advanced monitoring techniques such as anomaly-based detection and behavioral analysis to detect and mitigate Ligolo-ng abuse.
Implement advanced network monitoring to detect tunneling traffic.
Use endpoint protection solutions that can detect and block Ligolo-ng.
Do regular threat hunting to find potential misuse of legitimate tools in your environment.
Educate users about phishing and social engineering risks that can lead to the deployment of such tools.
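As an added example of the behavioral network monitoring recommended above (not part of the original article, and not code from the Ligolo-ng project), the following hunts flow records for long-lived outbound sessions in which an internal host sends at least as much as it receives. The flow format, the thresholds and the assumption that a pivoting agent relays internal responses outward over one persistent session are illustrative, and the sample records are constructed.

```python
import csv
import io
import ipaddress

# Constructed flow records (not from a real capture): one row per closed TCP session.
SAMPLE_FLOWS = """src,dst,dport,duration_s,bytes_out,bytes_in
10.0.5.23,203.0.113.40,443,14400,52000000,3100000
10.0.5.23,198.51.100.7,443,35,18000,940000
10.0.8.11,198.51.100.7,443,7200,400000,88000000
10.0.9.4,10.0.1.10,443,9000,70000000,2000000
10.0.7.77,192.0.2.15,8443,5400,9000000,8500000
"""

# Assumed thresholds; tune them against your own traffic baseline.
MIN_DURATION_S = 3600      # session held open for an hour or more
MIN_BYTES_OUT = 1_000_000  # ignore idle keep-alive sessions
MIN_OUT_IN_RATIO = 1.0     # internal host sends at least as much as it receives

def is_internal(addr, internal_nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in internal_nets)

def find_tunnel_candidates(flow_csv, internal_cidrs=("10.0.0.0/8",), allowlist=()):
    """Return flows that look like a long-lived outbound tunnel, highest ratio first."""
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]
    hits = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if not is_internal(row["src"], nets) or is_internal(row["dst"], nets):
            continue  # only internal -> external sessions are of interest
        if row["dst"] in allowlist:
            continue  # known backup, sync or VPN endpoints
        duration = int(row["duration_s"])
        out_b, in_b = int(row["bytes_out"]), int(row["bytes_in"])
        ratio = out_b / max(in_b, 1)
        if duration >= MIN_DURATION_S and out_b >= MIN_BYTES_OUT and ratio >= MIN_OUT_IN_RATIO:
            hits.append({"src": row["src"], "dst": row["dst"], "dport": int(row["dport"]),
                         "duration_s": duration, "out_in_ratio": round(ratio, 2)})
    return sorted(hits, key=lambda h: h["out_in_ratio"], reverse=True)

if __name__ == "__main__":
    for hit in find_tunnel_candidates(SAMPLE_FLOWS):
        print(hit)
```

Hits are leads for threat hunting, not verdicts: backup and sync clients produce the same shape, so confirm on the endpoint which process owns the connection before acting.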