0xRob – InfoSec

Stopping Blue Teams From Obtaining Payloads Via Browser Based Virtualisation Detection and HTML Smuggling

8th August 2021 Uncategorised 0xrob 0

Introduction Red Teams and malicious actors will likely have faced the challenge of not only getting a user to click on a phishing link to deliver a payload but also ensuring that this stays undetected by blue teams. They will likely need to bypass proxy filetype based detections combined with utilising social engineering the user […]

Building a Custom Shellcode Loader with Syswhispers to Utilise Direct Syscalls

14th March 2021 Uncategorised 0xrob 0

This post is heavily similar to my previous post located here around designing a custom shellcode loader which will pull shellcode from a server and execute it into a process. This POC currently bypasses Windows Defender when used with Sliver C2 framework (and likely others) along with 2 tested but unnamed EDR products. The main […]

Building a Custom shellcode stager with process injection to Bypass Windows Defender

6th July 2020 Uncategorised 0xrob 0

This post is going to use the SLIVER C2 framework to configure a stager and bypass a current updated windows defender, using shellcode injection. Note that this is not the best OPPSEC as i’m just going to be running an arbitrary executable on disk, for a more realistic attack scenario e.g using a malicious document […]

Using Covenant and Excel 4.0 Macros to Bypass Windows Defender

26th June 2020 Uncategorised 0xrob 0

This methodology is a simple but effective way to bypass current windows defender using excel 4.0 macros. (and possibly some EDRs 😉 ) I’ve deliberately avoided obfuscation as much as possible in this macro to make it simple to follow but still bypass windows defender (most of the malicious activity occurs in a JS file […]

Using a Password Filter to Create a Banned Password List without Azure AD on Windows

21st October 2019 Uncategorised 0xrob 0

For SMEs or whatever the use case it may not be applicable to rely on azure AD for your banned password implementation to conform with the new NCSC baselines and NIST recommendations of a banned password list. Well good news there’s an password filter .dll implementation that does exactly what you are looking for which […]

Using a database of 100 million+ breached passwords to secure a Linux server/Endpoint for an SME

1st August 2019 Uncategorised 0xrob 0

With the NCSCs newly recommended best practices involving having a banned password list and Microsoft recommending and even implementing their own ability to do so for any users subscribed to azure Active directory this shows how important a banned password list can be to an organisation. See more about Microsoft new recommendations here and their […]

Creating a Malware Analysis Lab for Dynamic Analysis

1st July 2019 Uncategorised 0xrob 0

Any Cyber Analyst or InfoSec Researcher understands the importance of gathering proactive and actionable threat intelligence to protect critical customer assets from attacks. To do this To do this we need to collect and store IOCs and TTPs easily and effectively giving us the ability to create rules to detect these methodologies being used in […]