Proxy managed by enterprise? No problem! Abusing PAC and the registry to get burpin’

As penetration testers, we sometimes have to perform web application security assessments from our customer's computers instead of our beloved machines. When this happens, we can face different challenges in order to have a working test setup. We will most probably have very limited permissions, which can block us from installing applications or modifying proxy … Continue reading Proxy managed by enterprise? No problem! Abusing PAC and the registry to get burpin’ →

Interview with an NVISO Intern – Writing Custom Beacon Object Files

During the first months of this year, Sander joined our 'Software Security AND Assessments' team as an intern and worked on writing Custom Beacon Object Files for the Cobalt Strike C2 framework. Below you can find how it all went!

I Solemnly Swear I Am Up To No Good. Introducing the Marauders Map

This blogpost will be a bit different, as it's going to tell a bit of a story... In this blogpost I want to achieve 2 objectives: address a question I keep hearing and seeing pop up in my DM every now and then, "how do I become a red teamer/ how do I become a … Continue reading I Solemnly Swear I Am Up To No Good. Introducing the Marauders Map →

Tap tap… is this thing on? Creating a notification-service for Cobalt-Strike

Ever needed a notifier when a new beacon checks in? Don't want to keep checking your Cobalt-Strike server every 5 minutes in the hopes of a new callback? We got you covered! Introducing the notification-service aggressor script available athttps://github.com/NVISOsecurity/blogposts/tree/master/cobalt-strike-notifier If the above image resonates with you, you'll know that the point between sending out your … Continue reading Tap tap… is this thing on? Creating a notification-service for Cobalt-Strike →

Dynamic Invocation in .NET to bypass hooks

This blogpost showcases several methods of dynamic invocation that can be leveraged to bypass inline and IAT hooks.

NVISO and QuoIntelligence Announce Strategic Cooperation

We are pleased to announce that we have created a unique approach with QuoIntelligence GmbH in responding to the TIBER-EU testing. Using our approach, we combine both passive threat intelligence gathering and active offensive red team testing as one seamless experience while remaining independent from each other. The TIBER-EU Framework, More Critical Now Than Ever … Continue reading NVISO and QuoIntelligence Announce Strategic Cooperation →

Debugging DLL’s – 3 techniques to help you get started

During some redteam engagements, we find ourselves in the need of writing DLL's. However, debugging DLL's is not as easy as it seems, as a DLL isn't built to run on its own.In this article, we will explore how you can debug a DLL effectively. What is a DLL? A DLL is short for a … Continue reading Debugging DLL’s – 3 techniques to help you get started →

Under the hood: Hiding data in JPEG images

Ever wondered how tools like ExifTool or stegano programs work under the hood? Ever wanted to create your own program to embed secret data into images? In this is a short blog post on how to embed secret data in image files. This is something you can do as a party trick, some sort of … Continue reading Under the hood: Hiding data in JPEG images →

Unmanaged file searching with Filesearcher.exe

During our red team engagements, we are often reliant on a command and control infrastructure. Typically these infrastructures are capable of loading .NET assemblies in memory, which gave me the idea of coding a filesearcher assembly. This was partially invented because of a CTF event I was participating in which had me hunting several file … Continue reading Unmanaged file searching with Filesearcher.exe →

What’s in a name? Thoughts on Red Team nomenclature

In my previous post, I promised to expand on the distinction between adversary emulation, adversary simulation, red teaming, and purple teaming, or at least how I tried to distinguish these terms in a way that made sense to me Emulation and simulation; I've heard both terms used interchangeably to refer to the same type of … Continue reading What’s in a name? Thoughts on Red Team nomenclature →