Tap tap… is this thing on? Creating a notification-service for Cobalt-Strike

Ever needed a notifier when a new beacon checks in? Don't want to keep checking your Cobalt-Strike server every 5 minutes in the hopes of a new callback? We got you covered! Introducing the notification-service aggressor script available athttps://github.com/NVISOsecurity/blogposts/tree/master/cobalt-strike-notifier If the above image resonates with you, you'll know that the point between sending out your … Continue reading Tap tap… is this thing on? Creating a notification-service for Cobalt-Strike

MITRE ATT&CK turned purple – Part 1: Hijack execution flow

The MITRE ATT&CK framework is probably the most well-known framework in terms of adversary emulation and by extent, red teaming.It features numerous TTPs (Tactics, Techniques, and Procedures) and maps them to threat actors. Being familiar with this framework is not only benefiting the red team operations but the blue team operations as well! To create … Continue reading MITRE ATT&CK turned purple – Part 1: Hijack execution flow

Epic Manchego – atypical maldoc delivery brings flurry of infostealers

In July 2020, NVISO detected a set of malicious Excel documents, also known as “maldocs”, that deliver malware through VBA-activated spreadsheets. While the malicious VBA code and the dropped payloads were something we had seen before, it was the specific way in which the Excel documents themselves were created that caught our attention. The creators … Continue reading Epic Manchego – atypical maldoc delivery brings flurry of infostealers

Unmanaged file searching with Filesearcher.exe

During our red team engagements, we are often reliant on a command and control infrastructure. Typically these infrastructures are capable of loading .NET assemblies in memory, which gave me the idea of coding a filesearcher assembly. This was partially invented because of a CTF event I was participating in which had me hunting several file … Continue reading Unmanaged file searching with Filesearcher.exe

My journey reaching #1 on Hack The Box Belgium – 10 tips, tricks and lessons learned.

Ranked #1 on HackTheBox Belgium Not so long ago, I achieved a milestone in my penetration testing career.: reaching rank 1 on HackTheBox. For those of you that don't know what Hack The Box (HTB) is: Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and … Continue reading My journey reaching #1 on Hack The Box Belgium – 10 tips, tricks and lessons learned.

The return of the spoof part 2: Command line spoofing

A few days ago I wrote a blog post about the evolving landscape of threat detection and how attackers need to adapt their techniques. In the previous post, I talked about one of the deception techniques that attackers are now using, called parent process ID spoofing. In this blog post, I'll talk about another deception … Continue reading The return of the spoof part 2: Command line spoofing