February 19, 2020
Adaptive DLL Hijacking
DLL hijacking has been a centerpiece of our operations for many years. During that time…
Read More
October 9, 2019
CVE-2019-10617 – AtherosSvc Registry LPE
Discovery In DbgView one day, I noticed repeated noisy output from a particular process. The…
Read More
June 13, 2019
Modern Red Team Infrastructure
There’s been a lot of talk recently regarding modern strategies for red team infrastructure. The…
Read More
June 4, 2019
Re-Animating ActivitySurrogateSelector
In 2017, James Forshaw released a DotNet deserialization gadget which abuses the ActivitySurrogateSelector class from…
Read More
November 14, 2018
Machine Learning for Red Teams, Part 1
TLDR: It's possible to detect a sandbox using a process list with machine learning. Introduction…
Read More
