Big news! RTO: Evasion course has been updated with text supplements giving extra context and information.
Also, each video now has English subtitles with a short table of contents and time markers pointing to the discussed content.
Understanding and navigation should be easier!
Enjoy!
#redteam
Bypassing CrowdStrike Falcon EDR hooks with a targeted algo, decomposing the agent's hooking logic.
Although extremely Falcon-specific, it is nevertheless a good exercise for any maldev.
Great work, @inbits_sec!
#redteam
Wondering what telemetry an EDR collects? Wonder no more!
@Kostastsale and @ateixei run an EDR Telemetry Project, covering all major EDRs:
"The main goal of the EDR Telemetry project is to encourage EDR vendors to be more transparent about the telemetry they provide".
Blog:
Here we go!
Pre-sale of RTO: MalDev Advanced (Vol.1) is now open
Pre-sale ends: Sep 27th
Course release date: Sep 28th
Userland rootkit tech, building MSVC COFFs, custom "RPC" instrumentation and more...
You can't miss it!
#RTO
#redteam
#onlinelearning
A primer to EDR evasion for Red Teamers, by Jorge Gimenez & Karsten Nohl.
Main takeaway: "EDRs are mostly Cobalt Strike detecting tools [these days]" 😆
Credential Guard enabled, preventing access to clear-text passwords? N4kedTurtle: "Hold my beer!"
Patch 2 global vars and enjoy your clear-text creds again! Btw. Microsoft sees no issue here ;)
Good post with a contribution from @_xpn_:
#redteam
#RTO
Ukraine needs support! SEKTOR7 has already donated to the Polish Red Cross, but there's more we can do.
Thus we give out a 50% discount on all our courses and donate all the income to the Polish Red Cross.
Please share/retweet
#StandWithUkraine
🌻
RPC is (still) an integral part of Windows. Understanding how it works is crucial to finding new and unexpected paths throughout the system.
Great post by Aaron LeMasters of @trailofbits
No ReadProcessMemory / WriteProcessMemory due to monitoring? Do not despair. You can still get/set data in the remote process.
@x86matthew has one of the answers. Great work!
Excellent piece of "offensive" research by @FSecureLabs.
That's exactly what every #redteam should research.
Your edge, as an attacker, doesn't come from a new shiny tool. It comes from knowing something the other side doesn't know that you know, y'know?
RED TEAM Operator: MalDev Intermediate course is finally out!
Over 6h of fun with debuggers, assembly/C code and troubleshooting all the moving parts on Windows 10.
And testing new skills with assigned tasks. Good stuff!
Enjoy!
#redteam
#onlinelearning
No netcat/telnet/bash/python/ruby/php on board when a rev|bind shell is needed? Some good old and updated gawk remote shellz, with #Phrack and @thegrugq in the context.
If you ever need to find a specific Win API function delivering a wanted feature and don't know where to start, go to this MSDN resource:
It has everything you need. API reference by feature, header files, COM, RPC, even API Sets.
Modern post-exploitation execution and PSP evasion start to look more like recent multi-level exploit chains 😀
A good example by @BlackArrowSec - bypassing EDR and C2 restrictions, with a small reference to @hasherezade's work.
Source:
Good read!
A few evasion tips & tricks against modern detection tech, with Falcon as an example EDR (which can be a PITA sometimes :)
And, as a bonus, 2 offensive tools for Cobalt Strike - ScareCrow and SourcePoint.
Nice work, @Tyl0us!
#redteam
"RED TEAM Operator: Windows Persistence" released!
Includes methods used in #Stuxnet, Flame and by #EquationGroup, Turla or ProjectSauron.
25% discount, valid till June 10th, 2020
Link with discount:
Enjoy and please RT!
#redteam
#RTO
#onlinelearning
Abusing DLLs with RWX sections to fulfill a memory allocation primitive and achieve code injection in a local and remote process.
Post by Thiago Peixoto, Felipe Duarte and Ido Naor of @SecurityJoes.
#redteam
Hooks without a custom exception handler or changing memory protection? @x86matthew: hold my beer!
Introducing StealthHook - controlling the execution flow of the target function by intercepting return addresses in the nested function call stack.
Very intriguing report from Pangu Lab about an advanced, allegedly NSA's, top-tier backdoor - Bvp47. Features are indeed impressive.
The last screenshot is very telling.
source:
#ShadowBrokers
#EquationGroup
It was well described by @Jackson_T - basically there are 4 distinct areas when it comes to EDR evasion:
- blending in
- sensor avoidance
- abusing blind spots
- tampering sensors (including traffic manipulation)
Sensor avoidance is something a lot of peeps miss.
More on this:
"RED TEAM Operator: Privilege Escalation in Windows" is OUT!
20 different LPE techniques
30% discount, valid till May 3rd, 2020
Access to content: lifetime
Link with discount:
Enjoy and please RT!
#redteam
#Pentesting
#RTO
#Malware
#onlinelearning
Let the Black Friday begin!
25% off the regular price.
To get the discount use the code: BEFICOM-22
Cyber Monday is the deadline, so don't wait too long!
#RTO
#redteam
#onlinelearning
Black Week has started @ SEKTOR7 Institute!
For the next 7 days you can purchase any course with $30 off the regular price.
Cyber Monday is the deadline, so don't wait too long!
#RTO
#redteam
#onlinelearning
Hooking ZwOpenProcess(), GetExtendedTcpTable() and GetRTTAndHopCount() in an unnamed AV process to hide malicious payloads. Userland rootkits are alive and kicking :)
New RTO series course is coming!
Pre-sale of Malware Development Intermediate is open!
Official launch day: October 24th, 2020
Current price: $199 net
You can't miss this one!
#redteam
#onlinelearning
A story of /proc/self/mem writing to its own non-writable memory:
That's why injecting meterpreter into a 'dd' process without touching disk is possible:
RED TEAM Operator: Malware Intermediate course discount is up!
Valid for the next 2 weeks! Click the link below to get a reduced price.
#redteam
#onlinelearning
#RTO
Our campaign is over. Results are just mind-blowing!
We've collected almost $81k and all of it goes to the Polish Red Cross (@PolskiCK) to support Ukrainian refugees fleeing the war zone.
I'd like to personally thank all of you who supported the cause!
reenz0h
#HelpforUkraine
🌻🌻🌻
3-day Late Spring Sale! 25% off on ALL courses.
Use the following link to apply the discount code:
Promo ends this Wednesday (EoD Zulu)!
#redteam
#elearning
Offensive use of Detours hooks to steal NT hashes.
All students of the RTO: MalDev Intermediate course should pretty quickly digest the information from the post:
Enjoy the reading!
#redteam
#RTO