Release v1.8 - Mirage - Evading Every EDR On The Planet Part 2
#bruteratel
Brute Ratel v1.8 [codename Mirage] is now available for download. This release provides a heavy update towards evasion and other feature requests by the community. Customers using v1.7 release should note that the Badgers of v1.7 will not support v1.8. Do not upgrade to this release if you are in an active engagement. Release notes have been disabled from here on out as we’ve noticed that it helps various security solutions to build detection capabilities on them. All blog updates/documentation will only contain minimalistic information on the internals starting from this release. Customers wanting further information can reach out to us on the dedicated email or discord support channel.
via Brute Ratel C4 Blog (author: Chetan Nayak (chetan@bruteratel.com))
Free Training: Microsoft Office Offensive Tradecraft for Red Teamers
#outflank
We are hosting a free training on Microsoft Office Offensive Tradecraft aimed at red teamers. Head over here for more details and for registration.
via Outflank Blog (author: Marc Smeets)
Regex Cheat Sheet
#trustedsec
Regular expressions (regex) are used in a variety of ways across technical industries. Developers use it to validate user inputs, and security operations use it to write detections for new attacks and SIEM rules. One of…
via TrustedSec Blog (author: Kurt Muhl)
RISC-Y Business: Raging against the reduced machine
#secretclub
via Secret Club (author: mrexodia, oopsmishap)
Abstract In recent years the interest in obfuscation has increased, mainly because people want to protect their intellectual property. Unfortunately, most of what’s been written is focused on the theoretical aspects. In this article, we will discuss the practical…
Rekt by the REX
#trustedsec
The request-to-exit (REX) passive infrared (PIR) sensor. You know the one. Spray canned air or smoke in its face, it becomes disoriented and unlocks the door. Spit a mist of alcohol in its face, it gets a buzz and…
via TrustedSec Blog (author: Jason Ashton)
Forwarded from Волосатый бублик
#edr
[ EDRSilencer ]
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
EDR list:
Microsoft Defender for Endpoint and Microsoft Defender Antivirus: MsMpEng.exe, MsSense.exe
Elastic EDR: elastic-agent.exe, elastic-endpoint.exe, filebeat.exe
Trellix EDR: xagt.exe
https://github.com/netero1010/EDRSilencer
The Mac Malware of 2023
#objectivesee
It's here! Our annual report on all the Mac malware of the year (2023 edition). Besides providing samples for download, we cover infection vectors, persistence mechanisms, payloads and more!
via Objective-See Blog
Analyzing DPRK's SpectralBlur
#objectivesee
The first malware of 2024 is (already) here. Let's dive in!
via Objective-See Blog
Leveraging Binary Ninja IL to Reverse a Custom ISA: Cracking the “Pot of Gold” 37C3
#synacktiv
via Synacktiv Blog (author: Thomas Imbert)
SafeHandle vs IntPtr
#rastamouse
C# is a popular language in both the commercial space (think ASP.NET Core, MVC, Blazor, WPF, MAUI, etc) and the infosec space. The most well known offensive C# tools are probably those in GhostPack (Rubeus, Seatbelt, Certify, SharpUp, etc). A lot of offensive tools that target Windows use interop (P/Invoke) quite heavily to call WinAPIs
via Rasta Mouse Blog
Exploring Counter-Strike: Global Offensive Attack Surface
#synacktiv
via Synacktiv Blog (author: Webmaster)
Detection Alchemy - The Purple Team Way
#trustedsec
As security practitioners, we frequently extol the virtues of penetration testing and red team exercises as a way of identifying issues for remediation. On the flip side, we also acknowledge the…
via TrustedSec Blog (author: Megan Nilsen)
Top 10 web hacking techniques of 2023 - nominations open
#portswigger
Nominations are now open for the top 10 new web hacking techniques of 2023! Over the last year, numerous security researchers have shared their discoveries with the community through blog posts, prese
via PortSwigger Research
Empire / Starkiller – New Year 2024
#bcsecurity
We recently released Empire 5.8 and Starkiller 2.7. Sometimes, we forget to highlight the cool new features or changes as they release. So, in addition to covering the Empire 5.8 / Starkiller 2.7 changes, this will also recap some of the things from the recent releases you may have missed.
via BC Security Blog (author: Vincent Rose)
Protected: CVE-2024-20656 – Local Privilege Escalation in the VSStandardCollectorService150 Service
#mdsec
via MDSec Blog (author: Admin)
Level Up Your Reporting
#trustedsec
As a security consultant, our number one deliverable is a report of findings and recommendations. This is what our clients are ultimately paying for. Making sure the report can be easily read and understood should be…
via TrustedSec Blog (author: Kurt Muhl)
Calling Home, Get Your Callbacks Through RBI
#specterops
via SpecterOps Team Medium (author: Lance B. Cain)
Authored By: Lance B. Cain and Alexander DeMine