GimmeShelter.py is a lightweight Python script that helps you get a good view of what a Windows environment looks like, and highlights opportunities for hiding/running malware from unusual modules or memory setups.
Cobalt Strike keeps on evolving, and this has serious implications for what happens behind the scenes when your payload runs and for what the resulting IOCs will be. With the growing complexity of the product there has also been a lot...
This is my review of the CRTL training from ZeroPoint Security and, incidentally, of the Elastic EDR, which is the solution used in the course and its lab. The CRTL (or RTO2) is a fairly new certification following up on RTO...
If you have ever checked the "Behavior" section of VirusTotal's report on a sample, you have seen how it may flag suspicious activities performed by the executable you are analyzing. Irrespective of the number of detections that your sample gets...