December 3

Webinar takeaway: Move Aside Script Kiddies: Malware Execution in the Age of Advanced Defenses


My key takeaways

  • it's getting harder to execute malware in many environments, partly due to endpoint maturity
  • 3 parts of an assumed compromise: privilege escalation, lateral movement, sensitive data access
  • Win10 is safer than ever, and Windows Defender has improved as well
  • defense vendors have signatures for almost all Metasploit machine code
  • nowadays you can't use a commodity framework and get away with it as an attacker/red teamer
  • code signing also becomes relevant for red teamers to get malware to run
  • living off the land becomes more and more mandatory (LOLBAS)
  • Best EDR? Manually...!
  • "blinding the defenders": AMSI amusements and ETW bypass

Tags

malware, red team, reverse shell

