shad0w

Post exploitation is large part of a red team engagement. While many organisations begin to mature and start to deploy a range of sophisticated Endpoint Detection & Response solutions (EDR) onto their networks, it requires us, as attackers to also mature. We need to upgrade our arsenal to give us…

Universally Evading Sysmon and ETW

The source code and latest release are both available. Sysmon and windows event log are both extremely powerful tools in a defender's arsenal. Their very flexible configurations give them a great insight into the activity on endpoints, making the process of detecting attackers a lot easier. It's for this reason…

Bypassing AV via in-memory PE execution

It's a common issue to have when your attacking a system (especially on windows) - having the local anti virus blocking your shells, beacons or malware (though I will be referring to them all as malware during this blog post). And it can cause untold hours of frustration trying to…