Hiding your .NET - ETW

In this post we will focus on Event Threading for Windows (ETW), how it is used to surface events on .NET assemblies, and how we can evade this kind of detection.... Read More »

AWS Lambda Redirector

In this post we will be looking at AWS Lambda, how we can deploy code using the Serverless framework, and how we can use this technology as a redirector for Cobalt Strike... Read More »

Testing your RedTeam Infrastructure

As RedTeaming has grown with the industry, so has our need to build dependable environments. In keeping with the cat-and-mouse game we find ourselves in, it's essential to possess the capability of maintaining robust infrastructure which can be recreated if discovered, and more importantly, we need to ensure that the environment is free of issues upon deployment. Today I'm kicking off the first of a series of posts where we will be adopting some of the practices made popular by the DevOps team... Read More »

MacOS Filename Homoglyphs Revisited

Last year I posted a few tricks to help when targeting MacOS users, and included a technique useful for spoofing file extensions with the aim of taking advantage of Finder's removal of the .app extension from certain filenames.... Read More »

Protecting Your Malware with blockdlls and ACG

In Cobalt Strike, blockdlls was introduced to allow protection of spawned processes from non-Microsoft signed DLL's. In this post I will show just how this works, and look at an additional process security option which could help us to deter endpoint security products.... Read More »