Previously, we have already published Sander's (@cerbersec) internship testimony. Since this post does not really contain any juicy technical details and Sander has done a terrific job putting together a walkthrough of his process, we thought it would be a waste not to highlight his previous posts again. In Part 1, Sander explains how he … Continue reading All aboard the internship – whispering past defenses and sailing into kernel space
As penetration testers, we sometimes have to perform web application security assessments from our customer's computers instead of our beloved machines. When this happens, we can face different challenges in order to have a working test setup. We will most probably have very limited permissions, which can block us from installing applications or modifying proxy … Continue reading Proxy managed by enterprise? No problem! Abusing PAC and the registry to get burpin’
During the first months of this year, Sander joined our 'Software Security AND Assessments' team as an intern and worked on writing Custom Beacon Object Files for the Cobalt Strike C2 framework. Below you can find how it all went!
This blogpost will be a bit different, as it's going to tell a bit of a story... In this blogpost I want to achieve 2 objectives: address a question I keep hearing and seeing pop up in my DM every now and then, "how do I become a red teamer/ how do I become a … Continue reading I Solemnly Swear I Am Up To No Good. Introducing the Marauders Map
Ever needed a notifier when a new beacon checks in? Don't want to keep checking your Cobalt-Strike server every 5 minutes in the hopes of a new callback? We got you covered! Introducing the notification-service aggressor script available athttps://github.com/NVISOsecurity/blogposts/tree/master/cobalt-strike-notifier If the above image resonates with you, you'll know that the point between sending out your … Continue reading Tap tap… is this thing on? Creating a notification-service for Cobalt-Strike
This blogpost showcases several methods of dynamic invocation that can be leveraged to bypass inline and IAT hooks.
We are pleased to announce that we have created a unique approach with QuoIntelligence GmbH in responding to the TIBER-EU testing. Using our approach, we combine both passive threat intelligence gathering and active offensive red team testing as one seamless experience while remaining independent from each other. The TIBER-EU Framework, More Critical Now Than Ever … Continue reading NVISO and QuoIntelligence Announce Strategic Cooperation
The MITRE ATT&CK framework is probably the most well-known framework in terms of adversary emulation and by extent, red teaming.It features numerous TTPs (Tactics, Techniques, and Procedures) and maps them to threat actors. Being familiar with this framework is not only benefiting the red team operations but the blue team operations as well! To create … Continue reading MITRE ATT&CK turned purple – Part 1: Hijack execution flow
During some redteam engagements, we find ourselves in the need of writing DLL's. However, debugging DLL's is not as easy as it seems, as a DLL isn't built to run on its own.In this article, we will explore how you can debug a DLL effectively. What is a DLL? A DLL is short for a … Continue reading Debugging DLL’s – 3 techniques to help you get started
Ever wondered how tools like ExifTool or stegano programs work under the hood? Ever wanted to create your own program to embed secret data into images? In this is a short blog post on how to embed secret data in image files. This is something you can do as a party trick, some sort of … Continue reading Under the hood: Hiding data in JPEG images