All articles tagged as:

redteam

ActiveBreach, powered by Ethereum Blockchain

Posted on

I’m not actually sure when the abstraction of Blockchain started or when it became such a marketing buzzword, but with so many things claiming to be “Powered by The Blockchain”, I wanted to dig into the technology to understand if there was any benefit to be had by an aggressor.…

Read more »

macOS Research Outtakes - File Extensions

If you follow our research over on MDSec's blog, you will have seen a number of posts documenting macOS research we've recently completed. As RedTeamer's, we have a wealth of information available to us when it comes to attacking Windows endpoints, whether that be via a HTA, OLE, a macro office document or even simply binary hiding as a legitimate application, we are never short of options to gain access to a targets machine when phishing. The same unfortunately can't be said for macOS systems. If we take a look around, there are few posts or teardowns that show viable techniques we can use wh…

Read more »

Exploring PowerShell AMSI and Logging Evasion

By now, many of us know that during an engagement, AMSI (Antimalware Scripting Interface) can be used to trip up PowerShell scripts in an operators arsenal. Attempt to IEX Invoke-Mimikatz without taking care of AMSI, and it could be game over for your undetected campaign.…

Read more »

Understanding and Evading Get-InjectedThread

One of the many areas of this field that I really enjoy is the "cat and mouse" game played between RedTeam and BlueTeam, each forcing the other to up their game. Often we see some awesome tools being released to help defenders detect malware or shellcode execution, and knowing just how these defensive capabilities function is important when performing a successful pentest or RedTeam engagement. Recently I came across the awesome post "Defenders Think in Graphs Too!", which can be found over on the SpectreOps blog here. This post is the start of a series looking at "dat…

Read more »