Tag: Obfuscation Techniques

Indirect Command Execution: Defense Evasion (T1202)

Red teams often use Indirect Command Execution as a defense evasion technique: the adversary tries to bypass defense filters that block certain types of scripts or executables from running. Various Windows utilities allow users to execute commands, possibly without invoking cmd. For example, if a firewall restricts DLL execution, an adversary can bypass it […]

Defense Evasion: Windows Event Logging (T1562.002)

In this post, we explore the Windows Event Logging defense evasion techniques attackers use to avoid detection. By disabling, bypassing, or tampering with event logs using tools and scripts, threat actors can cover their tracks and stay hidden from security teams. Understanding these techniques is crucial for defenders who want to strengthen their monitoring and response capabilities. Defense […]

Defense Evasion with obfuscated Empire

In this article, we will learn the technique of Defense Evasion using PowerShell Empire. PowerShell Empire is one of my favourite post-exploitation tools, and an applaudable one at that. Table of Contents: Installation; Getting a session with Empire; Obfuscating with Empire. Installation: When evading all of the target's defenses with Empire, it […]

Defense Evasion: Alternate Data Streams

An Alternate Data Stream is an artifact of the New Technology File System (NTFS) introduced by Windows. It was originally introduced to provide compatibility for file sharing with the older Hierarchical File System (HFS) of Macintosh systems, where data could be forked into different resources, and to store additional data of […]

Defense Evasion: Hide Artifacts

Today, in this article, we will focus on the various methods attackers use to evade detection by hiding artifacts on the victim's system in order to carry out their malicious intent. Table of Contents: Introduction; Hiding Files and Directories Using Command Prompt; Hiding System Users Using Command Prompt; Using Registry Edit; Hiding File Systems Over Command Prompt; Using […]