December 3

Webinar takeaway: Move Aside Script Kiddies: Malware Execution in the Age of Advanced Defenses

My key takeaways

  • it's getting harder to execute malware in a lot of environments, also due to endpoint maturity
  • 3 parts of an assumed compromise: priv esc, lateral movement, sensitive data access
  • Win10 is safer than ever, also Windows Defender has improved
  • defense vendors have signatures for almost all Metasploit machine code
  • nowadays you can't use a commodity framework and get away with it as an attacker/red teamer
  • code signing also becomes relevant for red teamers to get malware to run
  • living off the land becomes more and more mandatory (LOLBAS)
  • Best EDR? Manually...!
  • "blinding the defenders": AMSI amusements and ETW bypass

Tags

malware, red teaming, reverse shell

