Create your own custom implant

2024-07-31 | #redteaming

A few days ago I read a fantastic blog post by Forrest Kalser that piqued my curiosity. In the blog post, titled ‘Deep Sea Phishing Pt.1’, Kalser argues that custom payloads are (usually) better than stock shellcode because the EDR has already seen the stock shellcode generated by the C2 framework of your choice a few times.



Develop your own C# Obfuscator

2024-06-05 | #Obfuscation

Obfuscation is an important technique used to protect software from Man-At-The-End (MATE) attacks. Its purpose is to modify the code of a software application in order to make it more difficult for an attacker to understand, analyze or manipulate while preserving its original semantics.



Keep whispering to bypass Windows Defender

2023-02-18 | #redteaming

Direct system calls have been used by malware authors in the wild for a long time to evade AV/EDR solutions by bypassing user-land hooks. API hooking is one of the techniques used by modern AV/EDR solutions to keep an eye on each API call and determine whether it is malicious.
