Endpoint Security Self-Protection on MacOS

In this post we will analyse BitDefender on MacOS, looking at some of the self-protection methods hooking MacOS. At the end of the post, we will have a bit of fun and show just how we can leverage this technology to hide our malware during an engagement.…

Read more »

Escaping the Sandbox – Microsoft Office on MacOS

You’ve completed your recon, and found that your target is using MacOS… what next? With the increased popularity of MacOS in the enterprise, we are often finding that having phishing payloads targeting only Microsoft Windows endpoints is not enough during a typical engagement. With this in mind, I wanted to find an effective method of landing a stager on a MacOS system during a phishing campaign. In this walkthrough, I will show one possible way we can go about gaining a foothold by leveraging Microsoft Office on MacOS, and present a method of escaping the MacOS sandbox that we find ourselves…

Read more »

Exploring PowerShell AMSI and Logging Evasion

By now, many of us know that during an engagement, AMSI (Antimalware Scripting Interface) can be used to trip up PowerShell scripts in an operators arsenal. Attempt to IEX Invoke-Mimikatz without taking care of AMSI, and it could be game over for your undetected campaign.…

Read more »

Exploiting CVE-2018-1038 - Total Meltdown

This week I had some free time to look into CVE-2018-1038 aka Total Meltdown. The aim was to create a quick exploit which could be used to elevate privileges during an assessment. I ended up delving into Windows memory management more than I had before.…

Read more »

Understanding and Evading Get-InjectedThread

One of the many areas of this field that I really enjoy is the "cat and mouse" game played between RedTeam and BlueTeam, each forcing the other to up their game. Often we see some awesome tools being released to help defenders detect malware or shellcode execution, and knowing just how these defensive capabilities function is important when performing a successful pentest or RedTeam engagement. Recently I came across the awesome post "Defenders Think in Graphs Too!", which can be found over on the SpectreOps blog here. This post is the start of a series looking at "dat…

Read more »