This blogpost will be a bit different, as it's going to tell a bit of a story... In this blogpost I want to achieve 2 objectives: address a question I keep hearing and seeing pop up in my DM every now and then, "how do I become a red teamer/ how do I become a … Continue reading I Solemnly Swear I Am Up To No Good. Introducing the Marauders Map
Ever needed a notifier when a new beacon checks in? Don't want to keep checking your Cobalt-Strike server every 5 minutes in the hopes of a new callback? We got you covered! Introducing the notification-service aggressor script available athttps://github.com/NVISOsecurity/blogposts/tree/master/cobalt-strike-notifier If the above image resonates with you, you'll know that the point between sending out your … Continue reading Tap tap… is this thing on? Creating a notification-service for Cobalt-Strike
This blogpost showcases several methods of dynamic invocation that can be leveraged to bypass inline and IAT hooks.
During some redteam engagements, we find ourselves in the need of writing DLL's. However, debugging DLL's is not as easy as it seems, as a DLL isn't built to run on its own.In this article, we will explore how you can debug a DLL effectively. What is a DLL? A DLL is short for a … Continue reading Debugging DLL’s – 3 techniques to help you get started
Ever wondered how tools like ExifTool or stegano programs work under the hood? Ever wanted to create your own program to embed secret data into images? In this is a short blog post on how to embed secret data in image files. This is something you can do as a party trick, some sort of … Continue reading Under the hood: Hiding data in JPEG images
During our red team engagements, we are often reliant on a command and control infrastructure. Typically these infrastructures are capable of loading .NET assemblies in memory, which gave me the idea of coding a filesearcher assembly. This was partially invented because of a CTF event I was participating in which had me hunting several file … Continue reading Unmanaged file searching with Filesearcher.exe
Ranked #1 on HackTheBox Belgium Not so long ago, I achieved a milestone in my penetration testing career.: reaching rank 1 on HackTheBox. For those of you that don't know what Hack The Box (HTB) is: Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and … Continue reading My journey reaching #1 on Hack The Box Belgium – 10 tips, tricks and lessons learned.
A few days ago I wrote a blog post about the evolving landscape of threat detection and how attackers need to adapt their techniques. In the previous post, I talked about one of the deception techniques that attackers are now using, called parent process ID spoofing. In this blog post, I'll talk about another deception … Continue reading The return of the spoof part 2: Command line spoofing
Years ago (as early as 2009), my colleague Didier Stevens wrote a blog post about parent process ID spoofing. Back then, most companies were not as secure as they are now, therefore, most attackers got away with 'basic' exploitation, not having the need to do much obfuscation or deception. Thankfully, the security posture of the … Continue reading The return of the spoof part 1: Parent process ID spoofing
Here phishy phishy... - source: Combell According to our latest research, which can be seen in this video , an astonishing 32% of employees click on phishing URL's, and 1 in 5 emails can be considered as malicious. But what makes a phishing attack successful? Are we really that naive to let ourselves become phishing … Continue reading Here phishy phishy : How to recognize phishing
