Bypassing Image Load Kernel Callbacks

As security teams continue to advance, it has become essential for attackers to have complete control over every part of their operation, from the infrastructure down to individual actions that occur on the endpoint. Even with this in mind, image load events have always been something I’ve tried…

Breaking The Browser – A tale of IPC, credentials and backdoors

Web browsers are inherently trusted by users. They are trained to trust websites which “have a padlock in the address bar” and that “have the correct name”. This trust leads to users feeling comfortable entering their sensitive data into these websites. From an attacker’s standpoint this trust is an…

Pwning Windows Event Logging with YARA rules

The Event Log coupled with Windows Event Forwarding and Sysmon can be extremely powerful in the hands of defenders, allowing them to detect attackers every step of the way. Obviously this is an issue for the attackers. Before privilege escalation, what we can do to evade event…

Defending Your Malware

Malware is an important part of an engagement, though as many security solutions are now evolving past rudimentary signature comparisons to more advanced techniques for detecting malicious activity, it is important that we as attackers understand the methods they are using and how we can avoid them. Consider the…

Introducing SHAD0W

Available from the project’s GitHub. Post exploitation is a large part of a red team engagement. While many organisations begin to mature and start to deploy a range of sophisticated Endpoint Detection & Response (EDR) solutions onto their networks, it requires us, as attackers, to also mature. We need to upgrade…