Security Research & Development
Research Agenda Part1 – porting the backdoor for windows (READY) Part2 – porting the backdoor for Linux/Unix (IN PROGRESS) Part3 – hiding the process (IN PROGRESS) Part4 – provision of techniques (IN PROGRESS) RootKits Definitions According to Greg Hoglund, a rootkit is “a set of programs and code that allows a permanent or consistent, undetectable presence on a … Read more
Intro Despite the fact, XDR products play bulletproof against newly cyber by newly updated built-in defensive techniques and procedures, there are small holes in the development face of such products which could let intruders get used to it to gain an ability to disable or suspend or even use it as a way of persistent. … Read more
introduction DNS is one of the core services of the current Internet. It is used not only for obvious benign purposes but also for malicious use. For example, we can see its usage in botnet command and control servers (C&C), phishing sites, or download sites with malicious code. DNS exfiltration is the unauthorized transfer of … Read more
Introduction Recently Mailgun security team published an article on their blog warning internet users about new scammed email messages targeting users and describing how much these messages are becoming legitimate and even making it worse for users to know if it is legitimate or fake. While I was reading some of the received emails, I … Read more
Introduction During red teaming operation, Lateral movement or known as an east-west movement refers to the technique to move deeper into a network. Such an attack allows a threat actor to avoid detection and retain persistent access. This newly published research explains how to take advantage of windows services, it details how to mimic windows … Read more
There is more? Recently a Security researcher @jonhat discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to gain SYSTEM privileges on a Windows device quickly. by plugging the Razer mouse into the system, windows 10 will download the suitable software and start the process of driver installation. Since the process … Read more
Introduction This research paper will demonstrate the unique process hollowing technique used to bypass and divert detection analysis. the following research has been introduced first on CrestCon Asia 2021, and you may watch it on Youtube(https://www.youtube.com/watch?v=H7EMBz7GLMk) With an advanced newer security defense solution (e.g., EDR, XDR, NGAV), it becomes much harder for offensive security experts to … Read more