Probing VirusTotal sandboxes for custom detection markers.
If you ever uploaded a live implant to VirusTotal you will notice many callbacks from sandboxes. A common defense faced by attackers is the use of EDRs that ...
Public PowerShell obfuscators like Invoke-Obfuscation and ISE Steroids do not actually rename function and variable names, which makes them easier to use beca...
Kaspersky antivirus is notorious for being difficult to bypass. Black Hills did an interesting blog post where they experienced difficulty bypassing Kasp...
Microsoft Word macros are often utilized in spear phishing attacks. These documents typically include a lure to trick the user into clicking “Enable Content....
Spear phishing, a targeted form of phishing, is a major security threat for all organizations. Both cybercriminals and nation-state sponsored hackers favor t...
Ransomware encrypts data and demands ransom money for the decryption key. The ransomware threat is growing, and it is increasingly targeting businesses. Whil...
Edit: Google fixed this by introducing a redirect warning page that requires the user to click the redirected link.
My plan is fairly simple: read the memory of each process and scan it for static indicators of meterpreter.
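One way to carry out that plan on Linux, as an added example that is not the post's own code: walk every PID under /proc, take the readable mappings from /proc/<pid>/maps, read them through /proc/<pid>/mem, and search each region for indicator byte strings. The indicator list below is assumed for illustration (strings commonly associated with Meterpreter payloads); the real list is something you build from your own samples. Reading another process's memory needs ptrace permission, so the process scan normally runs as root, while the buffer-level scanner can be exercised on constructed data.

```python
"""Scan process memory for static indicator strings (Linux, /proc based).

Added example, not the original post's scanner. Indicator strings and
the sample maps text in __main__ are assumed/constructed for illustration.
"""
import os
import re
from typing import Dict, Iterable, List, Tuple

# Assumed for this example: strings commonly associated with Meterpreter.
# Replace with indicators taken from your own samples.
DEFAULT_INDICATORS: Tuple[bytes, ...] = (
    b"metsrv",
    b"ReflectiveLoader",
    b"ext_server_stdapi",
)

# start-end perms ... as printed by /proc/<pid>/maps
_MAP_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})")


def scan_buffer(buf: bytes, indicators: Iterable[bytes] = DEFAULT_INDICATORS,
                base: int = 0) -> List[Tuple[int, bytes]]:
    """Return (absolute_address, indicator) for every occurrence in buf."""
    hits = []
    for ind in indicators:
        start = 0
        while True:
            i = buf.find(ind, start)
            if i < 0:
                break
            hits.append((base + i, ind))
            start = i + 1
    return sorted(hits)


def readable_regions(maps_text: str) -> List[Tuple[int, int]]:
    """Parse /proc/<pid>/maps text into (start, end) for readable mappings."""
    regions = []
    for line in maps_text.splitlines():
        m = _MAP_RE.match(line)
        if m and m.group(3)[0] == "r":
            regions.append((int(m.group(1), 16), int(m.group(2), 16)))
    return regions


def scan_process(pid: int, indicators: Tuple[bytes, ...] = DEFAULT_INDICATORS,
                 chunk: int = 1 << 20) -> List[Tuple[int, bytes]]:
    """Scan every readable mapping of pid; returns sorted (address, indicator)."""
    overlap = max(len(i) for i in indicators) - 1  # catch matches straddling chunks
    hits = set()
    with open(f"/proc/{pid}/maps") as f:
        regions = readable_regions(f.read())
    with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
        for start, end in regions:
            pos = start
            while pos < end:
                n = min(chunk, end - pos)
                try:
                    mem.seek(pos)
                    data = mem.read(n)
                except (OSError, ValueError, OverflowError):
                    break  # e.g. [vvar]/[vsyscall]: listed readable, not readable via mem
                if not data:
                    break
                hits.update(scan_buffer(data, indicators, base=pos))
                if pos + n >= end:
                    break
                pos += n - overlap
    return sorted(hits)


def scan_all_processes(indicators: Tuple[bytes, ...] = DEFAULT_INDICATORS
                       ) -> Dict[int, List[Tuple[int, bytes]]]:
    """Scan every process we are allowed to read, skipping ourselves."""
    results = {}
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        if pid == os.getpid():
            continue  # our own memory holds the indicator strings: a guaranteed false hit
        try:
            hits = scan_process(pid, indicators)
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            continue  # no ptrace access, or the process exited mid-scan
        if hits:
            results[pid] = hits
    return results


if __name__ == "__main__":
    for pid, hits in scan_all_processes().items():
        for addr, ind in hits:
            print(f"pid {pid}: {ind.decode()} at {addr:#x}")
```

The self-PID skip matters: the scanner's own heap contains every indicator, so without it the first finding is always a false positive. The chunk overlap keeps a string that straddles a 1 MiB read boundary from being missed, and the set deduplicates the hit that overlap would otherwise report twice.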
Data exfiltration is a continual process during the post-exploitation stage. After initial entry, the attacker targets the domain admins. The attackers often...
I have migrated my blog from Keystone.js to Jekyll. I have also switched from self hosting to using GitHub pages.
Coming Soon! C3 is great but takes too much work to get a new C2 framework to work with it, and hasn’t been fully updated. The included covenant connector do...