Security Research & Development
introduction and here we are in part three of this series, and in this blog post, I am going to finish the operational part of our c2c that includes a stable demo with a very straightforward execution flow. before start explaining the topic for today, there are some questions asked about why I want the … Read more
In memory of Terry Davis (August 11, 2018) an idiot admire complexity, a genius admires simplicity Terry Davis In this part, I will continue developing the team server for the operator side and designing the operator GUI interface. since the topic will contain several cod blocks, I have done the workshop videos via twitch and … Read more
Introduction Over a while, the development of c2c has increased rapidly, including the number of new commercial frameworks, which I will not mention because I am not here to advertise any, and there are awesome open-sourced projects such as sliver, Covenant, and many more. In this article, I will shed light on the uncovered offensive … Read more
Malwarebytes provides a support tool that automatically repairs and fixes software issues and broken configurations, that’s actually common for anti-malware software to assist their customers to do that. after navigation into HelpCenter inside the Malwarebytes interface, you need to download the software package which will do self-extraction and requires elevated permission to continue running. since … Read more
https://github.com/0xsp-SRD/mortar Words to say I released the Mortar loader a couple of months ago, and it was good results in defeating and diverting advanced AV(anti-virus) solutions. However, even after many vendors pushed some updates to detect the loader, it was easy to compile an undetectable version by changing some code lines.,And here I am pointing … Read more
Research Agenda Part1 – porting the backdoor for windows (READY) Part2 – porting the backdoor for Linux/Unix (IN PROGRESS) Part3 – hiding the process (IN PROGRESS) Part4 – provision of techniques (IN PROGRESS) RootKits Definitions According to Greg Hoglund, a rootkit is “a set of programs and code that allows a permanent or consistent, undetectable presence on a … Read more
Intro Despite the fact, XDR products play bulletproof against newly cyber by newly updated built-in defensive techniques and procedures, there are small holes in the development face of such products which could let intruders get used to it to gain an ability to disable or suspend or even use it as a way of persistent. … Read more
introduction DNS is one of the core services of the current Internet. It is used not only for obvious benign purposes but also for malicious use. For example, we can see its usage in botnet command and control servers (C&C), phishing sites, or download sites with malicious code. DNS exfiltration is the unauthorized transfer of … Read more
Introduction Recently Mailgun security team published an article on their blog warning internet users about new scammed email messages targeting users and describing how much these messages are becoming legitimate and even making it worse for users to know if it is legitimate or fake. While I was reading some of the received emails, I … Read more
Introduction During red teaming operation, Lateral movement or known as an east-west movement refers to the technique to move deeper into a network. Such an attack allows a threat actor to avoid detection and retain persistent access. This newly published research explains how to take advantage of windows services, it details how to mimic windows … Read more