Advanced Search
Search Results
41 total results found
Red Team
Articles
Malware
Threat Intelligence
Notes and Insights
Targeted and Efficien Phishing: Alteryx Workflow
Background Recently, my friend who works in the accounting industry has been working hard to learn how to use a tool called Alteryx. She occasionally shares her learning experience with me, even though I do not have any knowledge of the accounting industry. T...
Use Searching Engines to Hunt For Threat Actors
Background Hi folks, today, I’d like to discuss how to leverage search engines to identify vulnerable servers used by threat actors. These actors often employ multiple servers for various purposes, such as phishing infrastructure, command and control (C2) inf...
Bypass AMSI On Windows 11
Motivation In this article, I want to break down AMSI (Anti-Malware Scan Interface) and its bypass technique on Windows 11. AMSI bypass is not a new topic, and compared with bypassing EDR, AMSI bypass is much easier, but I found that one bypass approach taugh...
MutationGate
Background Motivation Considering inline hook is a major detection utilized by EDR products, bypassing them is an interesting topic to me. Regarding bypassing inline hook placed by EDR, there are already quite a few approaches available. Although some of t...
CVE Collection
New Page
[Backup] How Did I Take Over CobaltStrike Servers
Hi folks, today I would like to share how I take over some Cobalt Strike TeamServerswith Quake and Password Spray Attack. From the perspective of a threat hunter, it isgood to track C2 servers on the Internet. From the perspective of a hacker, it is good tocom...
ReflectiveLoading And InflativeLoading
CobaltStrike's Beacon is essentially a DLL. The raw format payload is a patched DLL file. Through ingenious patching, the Beacon can achieve position independence similar to shellcode. We generate and compare payloads in both DLL and RAW formats: The Beacon i...
OSINT
EDRPrison: Borrow a Legitimate Driver to Mute EDR Agent
Hey friends, today I will share a technique that can be used to evade EDR products. I hesitate to call it a "new" technique, as I drew inspiration from existing projects and techniques. It is not a typical evasion method like sleep obfuscation, stack obfuscati...
CKAN Authenticated SSRF <= 2.9.11/2.10.4
Vulnerability Information Product: Ckan Vendor: https://github.com/ckan Affected Version(s): <= 2.9.11/2.10.4 CVE ID: TBD Description: SSRF vulnerability in resource proxy functionality in Ckan <=2.9.11/2.10.4, allowing authenticated attackers to scan ...
Reuniting with a Childhood Friend Lost for 8 Years Using OSINT
OSINT, or Open Source Intelligence, is a crucial skill in the field of cybersecurity. It is widely used not only in cybersecurity but also in the intelligence community. For cybersecurity professionals, whether involved in red teaming, blue teaming, or threa...
用OSINT技术找回失联8年的童年伙伴
OSINT,即开源情报,是网络安全领域中一项重要的技能。不仅是网络安全,情报界也广泛使用。对于网络安全人员,无论从事红队,还是蓝队,还是威胁狩猎/情报等,OSINT 都能发挥不同的作用。对于红队来说,OSINT 可以帮助操作员们在不与目标积极交互(漏洞扫描,目录爆破,社会工程学尝试等)的情况下了解目标的攻击面,掌握暴露的脆弱资产。对于蓝队以及威胁狩猎等更加偏向于主动与被动防御的角色来说,OSINT 可以帮助工程师们识别攻击者的技术栈,个人信息,基础设施,背后势力等。 作为一名红队操作员,在日常工作里,我主要利...