SEKTOR7 Institute
@SEKTOR7net
Followers
12,667
Following
338
Media
261
Statuses
1,070
Homo Aptus. Vincit qui se vincit - Publilius Syrus. Consulting, Training, Technology, Cyber domain, and more... @x33fcon supporter.
SEKTOR7.net
Joined April 2019
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Leyen
• 219343 Tweets
梅雨明け
• 202445 Tweets
BRANDS AI TALK x FOURTH
• 163155 Tweets
Raila
• 142013 Tweets
黒人奴隷
• 103809 Tweets
パワプロ
• 45205 Tweets
Yunan
• 31315 Tweets
Harmony
• 24534 Tweets
Colabo
• 23439 Tweets
暇空敗訴
• 20611 Tweets
#TheBoysFinale
• 20429 Tweets
BarengPRABOWO MakinOPTIMIS
• 16203 Tweets
SEMANGATbaru EKONOMItumbuh
• 15660 Tweets
栄冠ナイン
• 13696 Tweets
悪魔の証明
• 13655 Tweets
全員再契約
• 12661 Tweets
スキズ再契約
• 11110 Tweets
Pinned Tweet
Big news! RTO: Evasion course has been updated with text supplements giving extra context and information
Also each video has English subtitles with short table of contents and time markers to discussed content
Understanding and navigation should be easier!
Enjoy!
#redteam
5
66
242
6
48
193
Bypassing Crowdstrike Falcon EDR hooks with targeted algo, decomposing agent's hooking logic.
Although extremely Falcon-specific, nevertheless good exercise for any maldev.
Great work,
@inbits_sec
!
#redteam
3
200
517
Wondering what telemetry an EDR collects?
Wonder no more!
@Kostastsale
and
@ateixei
run an EDR Telemetry Project, covering all major EDRs:
"The main goal of the EDR Telemetry project is to encourage EDR vendors to be more transparent about the telemetry they provide".
Blog:
7
221
517
Here we go!
Pre-sale of RTO: MalDev Advanced (Vol.1) is now open
Pre-sale end: Sep 27th
Course release date: Sep 28th
Userland rootkit tech, building MSVC COFFs, custom "RPC" instrumentation and more...
You can't miss it!
#RTO
#redteam
#onlinelearning
15
124
447
A primer to EDR evasion for Red Teamers, by Jorge Gimenez & Karsten Nohl.
Main takeaway: "EDRs are mostly Cobalt Strike detecting tools [these days]" 😆
5
105
382
Ukraine needs support! SEKTOR7 has already donated to Polish Red Cross, but there's something we can do more.
Thus we give out a 50% discount on all our courses and donate all the income to the Polish Red Cross
Please share/retweet
#StandWithUkraine
🌻
18
192
311
4
108
314
6
89
307
RPC is (still) an integral part of Windows. Understanding how it works is crucial to finding new and unexpected paths throughout the system.
Great post by Aaron LeMasters of
@trailofbits
0
102
286
Flying through Windows domain with stolen tokens via Windows API, by Aurelien Chalot.
#redteam
3
74
262
No ReadProcessMemory / WriteProcessMemory due to monitoring? Do not despair. You still can get/set data in the remote process.
@x86matthew
has one of the answers. Great work!
3
72
261
A few methods to play with Windows Defender, by FO-Sec
#redteam
https[:]//www.fo-sec.com/articles/10-defender-bypass-methods
4
81
258
Bypassing Windows Mark-of-the-Web (MotW) feature with a crafted ZIP file, by
@mrgretzky
Enjoy the journey!
4
84
259
A journey to the heart of x64 system calls with
@AliceCliment
as your guide.
Prepare a notebook and coffee, it will be a long and engaging endeavor 😎
2
96
248
5
66
242
Excellent piece of "offensive" research by
@FSecureLabs
That's exactly what every
#redteam
should research.
Your edge, as an attacker, doesn't come from a new shiny tool. It comes from knowing something the other side doesn't know that you know, ya'know?
0
100
239
Announcement! New course incoming:
RED TEAM Operator: Windows Persistence.
Release date: May 27th, 2020; 12:00 UTC (Zulu time)
#RTO
#redteam
#Pentesting
#onlinelearning
3
58
240
Perun's Fart - yet "another" unhooking method.
Just load a clean NTDLL from a newly spawned process, copy bytes and enjoy life.
1
92
235
An undocumented feature to ignore all section headers and map an entire PE file as RWX memory, by
@x86matthew
1
89
228
RED TEAM Operator: MalDev Intermediate course is finally out!
Over 6h of fun with debuggers, assembly/C code and troubleshooting all the moving parts on Windows 10.
And testing new skills with assigned tasks. Good stuff!
Enjoy!
#redteam
#onlinelearning
4
75
232
Halo's Gate is (almost) dead,
Long live ShellWasp!
"Weaponizing Windows Syscalls":
4
81
226
Modifying reflective loader with Mockingjay technique.
A post by Riccardo Ancarani (
@dottor_morte
)
#redteam
3
70
212
A guide to building your engagement infrastructure, by André Tschapeller (
@hipstertrojan
)
#redteam
1
79
207
Injecting Meterpreter into a remote process on a remote Linux machine without touching disk - Part 1
Enjoy!
#Pentesting
#Linux
#redteam
2
82
201
Understanding email communication from a forensics perspective, by Joseph Moronwi.
#redteam
2
48
197
Hollowing a shell process to run a shellcode, all with just a 'dd'. Introducing DDExec by arget13
0
55
191
Halo's Gate - bypassing hooks with Hell's Gate twin.
Shout out to
@smelly__vx
and
@am0nsec
for their HG project. Great work guys!
1
82
193
If you ever need to find a specific Win API function delivering a wanted feature and don't know where to start, go to this MSDN resource:
It has everything you need. API reference by feature, header files, COM, RPC, even API Sets.
2
66
182
1
55
185
Modern post-exploitation execution and PSP evasion starts to look more like a recent multi-level exploit chains 😀
A good example by
@BlackArrowSec
- bypassing EDR and C2 restrictions, with a small reference to
@hasherezade
work.
Source:
Good read!
2
84
189
Reversing C++ executables with OOAnalyzer Ghidra Plugin
2
58
182
"RED TEAM Operator: Windows Persistence" released!
Includes methods used in
#Stuxnet
, Flame and by
#EquationGroup
, Turla or ProjectSauron.
25% discount, valid till June 10th, 2020
Link with discount:
Enjoy and please RT!
#redteam
#RTO
#onlinelearning
3
68
180
Abusing DLLs with RWX sections to fulfill memory allocation primitive and achieve code injection in a local and remote process.
Post by Thiago Peixoto, Felipe Duarte and Ido Naor of
@SecurityJoes
.
#redteam
3
52
177
Hooks without custom exception-handler or changing memory protection?
@x86matthew
: hold my beer!
Introducing StealthHook - controlling the execution flow of the target function by intercepting return addresses in the nested function call stack.
1
66
176
Making your CS beacon undetectable from both on-disk and in-memory YARA scanning, by William Burgess (
@joehowwolf
)
#redteam
0
57
174
1
46
174
Very intriguing report from Pangu Lab about advanced, allegedly NSA's, top-tier backdoor - Bvp47. Features are indeed impressive.
The last screenshot is very telling.
source:
#ShadowBrokers
#EquationGroup
3
64
169
It was well described by
@Jackson_T
- basically there are 4 distinct areas when it comes to EDR evasion:
- blending in
- sensor avoidance
- abusing blind spots
- tampering sensors (including traffic manipulation)
Sensor avoidance is something a lot of peeps miss.
More on this:
When do you consider an EDR evasion to be successful? If it's something else, please let me know in the comments.
25
11
38
0
41
173
Runtime disassembling EDR/AV hooks leading to bypass, by Christopher Vella of
@signal_labs
#redteam
1
68
170
"RED TEAM Operator: Privilege Escalation in Windows" is OUT!
20 different LPE techniques
30% discount, valid till May 3rd, 2020
Access to content: lifetime
Link with discount:
Enjoy and please RT!
#redteam
#Pentesting
#RTO
#Malware
#onlinelearning
4
66
171
Good example of defenders' way of thinking when building detections.
Check out few of
@Cyb3rMonk
posts, ex.:
Good read. Good lesson.
#redteaming
#RTO
1
54
166
Bypassing self-protection mechanism in Avast AV
3
72
167
0
48
162
0
67
163
0
48
162
Let the Black Friday begin!
25% off from the regular price.
To get the discount use the code: BEFICOM-22
Cyber Monday is a deadline, so don't wait too long!
#RTO
#redteam
#onlinelearning
4
51
157
Windows Processes, Nefarious Anomalies, and You: Memory Regions, by Brandon McGrath of
@TrustedSec
#redteam
#maldev
1
50
150
2
50
153
Excellent course notes from one of the students of
RTO: Malware Development course.
Enjoy!
#RTO
#redteam
#onlinetraining
1
48
151
0
47
149
Black Week has started @ SEKTOR7 Institute!
For the next 7 days you can purchase any course with $30 off the regular price.
Cyber Monday is a deadline, so don't wait too long!
#RTO
#redteam
#onlinelearning
7
57
146
0
41
148
Visual Studio template for more robust BOF development, testing and debugging, by
@HenriNurmi
of
@fortraofficial
#redteam
0
30
141
Great summary of code execution techniques with detection recommendations, by Francisco Dominguez and Denis Nagayuk.
#redteam
2
58
143
0
38
142
1
41
138
0
40
140
Hooking ZwOpenProcess(), GetExtendedTcpTable() and GetRTTAndHopCount() in unnamed AV process to hide malicious payloads. Userland rootkits are alive and kicking :)
2
78
137
0
48
133
1
35
134
New RTO series course is coming!
Pre-sales of Malware Development Intermediate is open!
Official launch day: October 24th, 2020
Current price: $199 net
You can't miss this one!
#redteam
#onlinelearning
3
49
132
A story of /proc/self/mem writing to its own non-writable memory:
That's why injecting meterpreter into 'dd' process without touching disk is possible:
0
42
117
RED TEAM Operator: Malware Intermediate course discount is up!
Valid for the next 2 weeks! Click the link below to get a reduced price.
#redteam
#onlinelearning
#RTO
4
40
129
Our campaign is over. Results are just mind blowing!
We've collected almost $81k and all goes to Polish Red Cross (
@PolskiCK
) to support Ukrainian refugees fleeing the war zone.
I'd like to personally thank all of you who supported the cause!
reenz0h
#HelpforUkraine
🌻🌻🌻
Ukraine needs support! SEKTOR7 has already donated to Polish Red Cross, but there's something we can do more.
Thus we give out a 50% discount on all our courses and donate all the income to the Polish Red Cross
Please share/retweet
#StandWithUkraine
🌻
18
192
311
8
19
126
Compiling your code into a series of MOV instructions, by Chris Domas (
@xoreaxeaxeax
)
#redteam
2
29
123
1
34
120
3-day Late Spring Sale! 25% off on ALL courses.
Use the following link to apply the discount code:
Promo ends this Wednesday (EoD Zulu)!
#redteam
#elearning
4
40
119
