-
Bypass Cortex XDR And Sophos EDR Like A Real Red Teamer
About: In this blog post we are going to build our own loader that loads a C2 payload (beacon/demon) in memory, executes it, and bypasses top-tier EDRs like Palo Alto Cortex XDR and Sophos EDR. The C2 used in the blog post is Havoc C2 (https://github.com/HavocFramework/Havoc/). Who is the real red teamer...
-
Anzu ETW: Next Generation Of SOC Rules
About: In this blog we are going to talk about my recent project called Anzu ETW, a tool that I developed to allow SOC/DFIR teams to create plugins that use ETW or any other telemetry to log or respond to cyber threats. What is ETW? Event...
-
Bypass Cortex Ransomware Protection
About: In this blog we are going to bypass the ransomware protection of Palo Alto Cortex EDR! How does the protection work? Cortex EDR creates dummy (decoy) files that are not visible to users, but when any software interacts with them, Cortex EDR will know...
-
Polymorphic Signature Change Hash Of The Malware For Every Execution
About: In this blog we are going to talk about making the malware change its own hash by itself for every execution, utilizing a self-deletion method. Advantages for red teamers: imagine that your malware is detected in the environment...
-
Exploiting mt_rand In PHP 2024
This blog post delves into the inner workings of mt_rand(), exposing its weaknesses and demonstrating how these vulnerabilities can be exploited. We'll examine real-world scenarios and provide insights into more secure alternatives. What is mt_rand in PHP? This function generates a random value via the Mersenne Twister Random Number Generator...