Binary Ninja Plugin: fix-stomped-imports
Recently, in response to a customer incident we needed to reverse engineer a malware sample of WhiteRabbit ransomware that proved to be trickier than expected. As we'll see, this sample maps a PE [...]
Today, we are releasing a new tool called SharpConflux, a .NET application built to facilitate Confluence exploration. It allows Red Team operators to easily investigate Confluence instances with the goal of finding credential [...]
As Red Teamers, we need an OPSEC safe method to execute shellcode via a range of initial access vectors. Things are getting more and more difficult with Endpoint Detection and Response (EDR) products [...]
ETWHash is a small C# tool used during Red Team engagements that can consume ETW SMB events and extract NetNTLMv2 hashes for cracking offline, unlike currently documented methods. GitHub: https://github.com/nettitude/ETWHash Microsoft ETW (Event [...]
A common objective of physical assessments is the placement of a drop box to establish communication out of the network environment. A few years ago, the choices were limited to a NUC or a Raspberry [...]
This article will focus on using LoRa to create a side channel over a public LoRa infrastructure. By using a gateway and endpoints defined in a LoRa network service, it is possible [...]
Download our whitepaper and tool. This blog is a condensed version of a whitepaper we've released, called "Process Hiving". It comes with a new tool too, "RunPE". You can download these at [...]
There have been a few cool updates to PoshC2, our public Command & Control (C2) software, since we first released it. In this post, we’ll walk you through some of these new features [...]