2024-07-31 | #redteaming
A few days ago I read a fantastic blog post by Forrest Kalser that piqued my curiosity. In the blog post, titled ‘Deep Sea Phishing Pt.1’, Kalser argues that custom payloads are (usually) better than stock shellcode because the EDR has already seen the stock shellcode generated by the C2 framework of your choice a few times.
2024-06-05 | #Obfuscation
Obfuscation is an important technique used to protect software from Man-At-The-End (MATE) attacks. Its purpose is to modify the code of a software application in order to make it more difficult for an attacker to understand, analyze or manipulate wile preserving its original semantics.
2023-02-18 | #redteaming
Direct system calls have been used by malware authors in the wild for a long time to evade AV/EDR solutions by bypassing user-land hooks. API hooking is one of the techniques used by modern AV/EDR solution to keep an eye on each API call and determine if it is malicious.
