Universally Evading Sysmon and ETW

The source code and latest release are both available. Sysmon and windows event log are both extremely powerful tools in a defender's arsenal. Their very flexible configurations give them a great insight into the activity on endpoints, making the process of detecting attackers a lot easier. It's for this reason…

Bypassing AV via in-memory PE execution

It's a common issue to have when your attacking a system (especially on windows) - having the local anti virus blocking your shells, beacons or malware (though I will be referring to them all as malware during this blog post). And it can cause untold hours of frustration trying to…