This blogpost showcases several methods of dynamic invocation that can be leveraged to bypass inline and IAT hooks.
Category Archives: Adversary Simulation
Unmanaged file searching with Filesearcher.exe
During our red team engagements, we are often reliant on a command and control infrastructure. Typically these infrastructures are capable of loading .NET assemblies in memory, which gave me the idea of coding a filesearcher assembly. This was partly inspired by a CTF event I was participating in, which had me hunting several file …
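As an added illustration of the kind of assembly the post describes (this is example code written for this page, not the Filesearcher.exe tool itself), the following C# console program recursively searches a directory tree for file names matching a regular expression. It is shaped for in-memory execution through a C2 framework's assembly-loading feature: no external dependencies, a plain static Main, and results written to the console. The tree is walked iteratively with per-directory exception handling, because Directory.GetFiles(root, pattern, SearchOption.AllDirectories) aborts the whole search on the first access-denied directory, which is the usual outcome on a workstation when running as a low-privilege user. The names, the default depth and the command-line layout are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text.RegularExpressions;

// Hypothetical minimal file searcher, intended to be loaded in memory by a C2
// framework. Added example for this page, not the original Filesearcher.exe code.
namespace FileSearcherExample
{
    public static class Program
    {
        // Returns true if the directory is a junction or symlink, which we skip
        // to avoid loops such as the legacy "Application Data" junctions.
        private static bool IsReparsePoint(string dir)
        {
            try
            {
                return (File.GetAttributes(dir) & FileAttributes.ReparsePoint) != 0;
            }
            catch (UnauthorizedAccessException) { return true; }
            catch (IOException) { return true; }
        }

        // Walks the tree with an explicit stack so that one inaccessible
        // directory only skips that directory instead of aborting the search.
        public static List<string> Search(string root, Regex namePattern, int maxDepth)
        {
            var hits = new List<string>();
            var work = new Stack<KeyValuePair<string, int>>();
            work.Push(new KeyValuePair<string, int>(root, 0));

            while (work.Count > 0)
            {
                var current = work.Pop();
                string dir = current.Key;
                int depth = current.Value;

                string[] files;
                try { files = Directory.GetFiles(dir); }
                catch (UnauthorizedAccessException) { continue; }
                catch (IOException) { continue; }   // offline drives, broken links

                foreach (string f in files)
                {
                    if (namePattern.IsMatch(Path.GetFileName(f)))
                        hits.Add(f);
                }

                if (depth >= maxDepth) continue;

                string[] subdirs;
                try { subdirs = Directory.GetDirectories(dir); }
                catch (UnauthorizedAccessException) { continue; }
                catch (IOException) { continue; }

                foreach (string d in subdirs)
                {
                    if (IsReparsePoint(d)) continue;
                    work.Push(new KeyValuePair<string, int>(d, depth + 1));
                }
            }
            return hits;
        }

        // Usage (assumed): FileSearcher.exe <root> <name-regex> [maxDepth]
        // Example: FileSearcher.exe C:\Users "\.(kdbx|ppk|rdp)$" 6
        public static int Main(string[] args)
        {
            if (args.Length < 2)
            {
                Console.WriteLine("usage: FileSearcher.exe <root> <name-regex> [maxDepth]");
                return 1;
            }
            int maxDepth = args.Length > 2 ? int.Parse(args[2]) : 8;
            var pattern = new Regex(args[1], RegexOptions.IgnoreCase | RegexOptions.Compiled);

            foreach (string hit in Search(args[0], pattern, maxDepth))
                Console.WriteLine(hit);
            return 0;
        }
    }
}
```

Keeping all results in a list and printing them at the end is deliberate: when an assembly runs inside a C2 agent, the framework typically captures console output once the assembly returns, so streaming partial output buys little, while a bounded depth keeps the search from walking an entire volume by accident.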
What’s in a name? Thoughts on Red Team nomenclature
In my previous post, I promised to expand on the distinction between adversary emulation, adversary simulation, red teaming, and purple teaming, or at least on how I tried to distinguish these terms in a way that made sense to me. Emulation and simulation: I’ve heard both terms used interchangeably to refer to the same type of …