This post is going to use the SLIVER C2 framework to configure a stager and bypass a current updated windows defender, using shellcode injection. Note that this is not the best OPPSEC as i’m just going to be running an arbitrary executable on disk, for a more realistic attack scenario e.g using a malicious document […]

Continue Reading

This methodology is a simple but effective way to bypass current windows defender using excel 4.0 macros. (and possibly some EDRs 😉 ) I’ve deliberately avoided obfuscation as much as possible in this macro to make it simple to follow but still bypass windows defender (most of the malicious activity occurs in a JS file […]

Continue Reading

With the NCSCs newly recommended best practices involving having a banned password list and Microsoft recommending and even implementing their own ability to do so for any users subscribed to azure Active directory this shows how important a banned password list can be to an organisation. See more about Microsoft new recommendations here and their […]

Continue Reading

Any Cyber Analyst or InfoSec Researcher understands the importance of gathering proactive and actionable threat intelligence to protect critical customer assets from attacks. To do this To do this we need to collect and store IOCs and TTPs easily and effectively giving us the ability to create rules to detect these methodologies being used in […]

Continue Reading