Red & Lonesome | RWXStoned

BeaconGate, Sleepmask... customizing Cobalt Strike after 4.10

a quick new Sleep PoC using the latest Cobalt Strike features

Posted on November 13, 2024

Cobalt Strike keeps on evolving and this has serious implications on what happens behind the scenes when your payload runs, and what the resulting IOCs will be. With the growing complexity of the product there has also been a lot... [Read More]

An RTO2 Review

A great (and cheap) cert from ZeroPoint Security

Posted on November 7, 2024

This is my review of the CRTL training from ZeroPoint Security, and incidentally, of the Elastic EDR, which is the solution used in the course and its lab. The CRTL (or RTO2) is a fairly new certification following-up on RTO... [Read More]

MANDIANT CAPA for Red Teams

How to leverage Blue Team tools to make your malware stealthier

Posted on October 27, 2024

If you have ever checked the “Behavior” section on VirusTotal’s review of a sample, you have seen how it may flag suspicious activities performed by the executable you are analyzing. Irrespective of the number of detections that your sample gets... [Read More]