Debugging into .NET

.NET for post-exploitation is here to stay. It has been bundled with most C2 frameworks, common tools have been ported, AMSI has been added (then bypassed) and new and clever ways have been found to launch unmanaged code. The process of loading a .NET assembly however appears to be pretty consistent. We know that tools like Cobalt Strike's execute-assembly have greatly increased the accessibility of loading a .NET assembly from memory, with most attackers using this in one way or another during... Read More »

Designing The Adversary Simulation Lab

In this post we will walk you through the technology used to create and deploy the ActiveBreach Adversary Simulation Lab, and look at the hurdles we jumped through to get things running smoothly.... Read More »