Rubeus is a C# toolkit for Kerberos interaction and abuse. Kerberos, as we all know, is a ticket-based network authentication protocol used in Active Directory environments.
Johnny Shaw demonstrated a defense evasion technique known as process herpaderping in which an attacker is able to inject malicious code into the mapped memory
HTML Smuggling is an evasive payload delivery method that helps an attacker smuggle a payload past content filters and firewalls by hiding malicious payloads inside of
Eugene Kogan and Tal Liberman presented a technique for defense evasion called “Process Doppelganging” at Black Hat EU 2017, which can be found here and a
In July 2011, John Leitch of autosectools.com talked about a technique he called process hollowing in his whitepaper here. Ever since then, many malware campaigns
Windows developed the Antimalware Scan Interface (AMSI) standard that allows a developer to integrate malware defense in his application. AMSI allows an application to interact
During Red Team assessments, after an attacker has compromised a system, they often move laterally through the network, gaining more relevant information on other systems.
In this article, we explore how a WebClient Workstation Takeover can occur during lateral movement by abusing WebDAV shares. Inspired by @tifkin_’s and the Certified
Parent PID spoofing is an access token manipulation technique that helps an attacker evade defense mechanisms such as heuristic detection by spoofing the PPID of