In July 2011, John Leitch of autosectools.com talked about a technique he called process hollowing in his whitepaper here. Ever since then, many malware campaigns
Windows developed the Antimalware Scan Interface (AMSI) standard that allows a developer to integrate malware defense in his application. AMSI allows an application to interact
During Red Team assessments, after an attacker has compromised a system, they often move laterally through the network, gaining more relevant information on other systems.
In this article, we explore how a WebClient Workstation Takeover can occur during lateral movement by abusing WebDAV shares. Inspired by @tifkin_’s and the Certified
Parent PID spoofing is an access token manipulation technique that helps an attacker evade defense mechanisms such as heuristic detection by spoofing the PPID of
Indirect Command Execution is a defense evasion technique that is often used by Red Teams in which an adversary tries to bypass certain defense filters
Resource-Based Constrained Delegation (RBCD) is a security feature in Active Directory (AD) that allows a computer object to specify which users or machines can impersonate
Will Schroeder and Lee Christensen wrote a research paper on this technique which can be referred to here. In ESC8 technique mentioned in the research paper,
Gabriel Landau released a post on Elastic Security here which talks about a technique through which antivirus evasion was found to be possible. The technique