A new “threadless” process injection technique that works by abusing DLL notification callbacks in local and remote processes.
Weaponizing RDP files for phishing and initial access, based on the work of Mike Felch on the Rogue RDP technique.
Let me first start by saying I will not be revealing in this post any novel techniques or new research that hasn’t been seen before. I will, however, reveal my own methodology for finding gaps in EDR visibility in order to bypass detection.
PowerShell can be a powerful tool during the post-exploitation phase of our engagements. But what if AMSI will not let us use any of its capabilities?