This blogpost showcases several methods of dynamic invocation that can be leveraged to bypass inline and IAT hooks.
Category Archives: Red Teaming
NVISO and QuoIntelligence Announce Strategic Cooperation
We are pleased to announce that we have created a unique approach with QuoIntelligence GmbH in responding to the TIBER-EU testing. Using our approach, we combine both passive threat intelligence gathering and active offensive red team testing as one seamless experience while remaining independent from each other. The TIBER-EU Framework, More Critical Now Than Ever …
Continue reading “NVISO and QuoIntelligence Announce Strategic Cooperation”
Debugging DLL’s – 3 techniques to help you get started
During some redteam engagements, we find ourselves in the need of writing DLL’s. However, debugging DLL’s is not as easy as it seems, as a DLL isn’t built to run on its own.In this article, we will explore how you can debug a DLL effectively. What is a DLL? A DLL is short for a …
Continue reading “Debugging DLL’s – 3 techniques to help you get started”
Under the hood: Hiding data in JPEG images
Ever wondered how tools like ExifTool or stegano programs work under the hood? Ever wanted to create your own program to embed secret data into images? In this is a short blog post on how to embed secret data in image files. This is something you can do as a party trick, some sort of …
Continue reading “Under the hood: Hiding data in JPEG images”
Unmanaged file searching with Filesearcher.exe
During our red team engagements, we are often reliant on a command and control infrastructure. Typically these infrastructures are capable of loading .NET assemblies in memory, which gave me the idea of coding a filesearcher assembly. This was partially invented because of a CTF event I was participating in which had me hunting several file …
Continue reading “Unmanaged file searching with Filesearcher.exe”
What’s in a name? Thoughts on Red Team nomenclature
In my previous post, I promised to expand on the distinction between adversary emulation, adversary simulation, red teaming, and purple teaming, or at least how I tried to distinguish these terms in a way that made sense to me Emulation and simulation; I’ve heard both terms used interchangeably to refer to the same type of …
Continue reading “What’s in a name? Thoughts on Red Team nomenclature”
Thoughts on the recent Red Team debate
Around the end of November 2019, Florian Roth wrote a much-discussed post about problems he saw with today’s red teaming. I considered writing a blog post to diverge some of my ideas and “respond” to his concerns. However, as is often the case with these types of things, I didn’t get to it at the …
The Rise of Adversary Emulation
In this blog post, we will discuss a fairly new concept that has been gaining a lot of traction recently: Adversary Emulation. Adversary emulation aims to test a network’s resilience against advanced attackers or advanced persistent threats (APTs). To do so, the adversary’s tactics, techniques, and procedures (TTPs) are emulated along the cyber kill chain, …