Getting third party C2 channels to work effortlessly with any implant.
Coming Soon! C3 is great but takes too much work to get a new C2 framework to work with it, and hasn’t been fully updated. The included covenant connector do...
Coming Soon! C3 is great but takes too much work to get a new C2 framework to work with it, and hasn’t been fully updated. The included covenant connector do...
If you ever uploaded a live implant to VirusTotal you will notice many callbacks from sandboxes. A common defense faced by attackers is the use of EDRs that ...
I have migrated my blog from Keystone.js to Jekyll. I have also switched from self hosting to using GitHub pages.
Microsoft Word macros are often utilized in spear phishing attacks. These documents typically include a lure to trick the user into clicking “Enable Content....
Data exfiltration is a continual process during the post-exploitation stage. After initial entry, the attacker targets the domain admins. The attackers often...
My plan is fairly simple: read the memory of each process and scan it for static indicators of meterpreter.
Public PowerShell obfuscators like Invoke-Obfuscation and ISE Steroids do not actually rename the function and variable names, which makes easier to use beca...
Kaspersky antivirus is notorious for being difficult to bypass. Black Hills did an interesting blog post where they experienced difficulty bypassing Kasp...
Edit: Google fixed this by introducing a redirect warning page that requires the user to click the redirected link.
Ransomware encrypts data and demands ransom money for the decryption key. The ransomware threat is growing, and it is increasingly targeting businesses. Whil...
Spear phishing, a targeted form of phishing, is a major security threat for all organizations. Both cybercriminals and nation-state sponsored hackers favor t...