Exploring our dataset of malware and benign binaries to find patterns and anomalies, and generally to see what we have.
Endpoint Protection and Response is complicated for both offence and defence. In this blog we take a look at AMSI and ETW from both perspectives.
Breaking down the Maelstrom DLL and Loader to identify and discuss remediations for indicators-of-compromise.
Exploring the development of a C2 Team Server, discussing common challenges, stealth techniques, and the complexities of identifying malicious network traffic.
Endpoint Protection and Response is complicated for both offence and defence. In this blog we take a look at Kernel Callbacks, Hooks, and Thread Call Stacks from both perspectives.
In this blog, we will discuss how to write a C2 implant for the modern era. We will look at the history of offensive techniques and the progress of defence.
A look into the design choices behind the C2, alongside some design concepts to keep it stable and the workflow smooth.
Playing with AV evasion techniques by using formats such as CSS, SVG, etc.
Throughout this series, we will be slowly building out a Command & Control Framework and discussing common implementation, IOCs, and TTPs.