Hiding your .NET - COMPlus_ETWEnabled
It turns out that there is a method of disabling ETW in .NET, strangely exposed by setting an environment variable of COMPlus_ETWEnabled=0. This post explores how this works.... Read More »
In this post we will walk you through the technology used to create and deploy the ActiveBreach Adversary Simulation Lab, and look at the hurdles we jumped through to get things running smoothly.... Read More »
In this post we will focus on Event Tracing for Windows (ETW), how it is used to surface events on .NET assemblies, and how we can evade this kind of detection.... Read More »
In this post we will be looking at AWS Lambda, how we can deploy code using the Serverless framework, and how we can use this technology as a redirector for Cobalt Strike... Read More »
As red teaming has grown with the industry, so has our need to build dependable environments. In keeping with the cat-and-mouse game we find ourselves in, it's essential to possess the capability of maintaining robust infrastructure which can be recreated if discovered, and more importantly, we need to ensure that the environment is free of issues upon deployment. Today I'm kicking off the first of a series of posts where we will be adopting some of the practices made popular by the DevOps team... Read More »