Sample LogParser SQL query

Effectively analysing sysmon logs

/
We previously covered setting up and using sysmon (System Monitor),…

Putting attackers in hi vis jackets with sysmon

/
Background Sysmon (short for system monitor) has been part of…

More XSS Shenanigans

/
In September, we released our XSS Payloads collection of scripts…
Bypass with well-placed breakpoints using LLDB

Who owns your runtime?

/
Can mobile applications trust their own runtime environment?…
Create a caption for the OLE object

Fun with Windows binaries - application whitelist bypass using msiexec

/
We were inspired by the work @subTee has done with application…

PoshC2 - new features

/
There have been a few cool updates to PoshC2, our public Command…
Four stages of the exploit kit infection chain [1]

An analysis of the RIG exploit kit

/
Over the last few weeks, we have observed an increase of RIG…
Windows Explorer default permissions

Analysing the NULL SecurityDescriptor kernel exploitation mitigation in the latest Windows 10 v1607 Build 14393

/
We recently discovered a new and quietly released Windows kernel…

From macro to malware - a step by step analysis

/
We recently received an email which contained a malicious Word…