BLUE

netbiosX

@netbiosx.bsky.social

Red & Purple Team Leader

199 followers35 following125 posts

Overview Posts Replies

Nnetbiosx.bsky.socialJan 8, 2024 8:25am

Persistence - Event Log pentestlab.blog/2024/01/08/p...

Persistence – Event Log

Windows Event logs are the main source of information for defensive security teams to identify threats and for administrators to troubleshoot errors. The logs are represented in a structured format (X...

Nnetbiosx.bsky.socialJan 3, 2024 7:17am

Scheduled Task Tampering ipurple.team/2024/01/03/s...

Scheduled Task Tampering

The HAFNIUM threat actor is using an unconventional method to tamper scheduled tasks in order to establish persistence via modification of registry keys in their malware called Tarrask. The benefit of...

Nnetbiosx.bsky.socialJan 2, 2024 8:38am

Initial Access – search-ms URI Handler pentestlab.blog/2024/01/02/i...

Initial Access – search-ms URI Handler

Microsoft search protocol enables clients to initiate connections against an enterprise search service such as SharePoint or WebDav. During these search connections the protocol server will respond wi...

Nnetbiosx.bsky.socialDec 29, 2023 12:59pm

EDRSilencer - A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server github.com/netero1010/E...

GitHub - netero1010/EDRSilencer: A tool uses Windows Filtering Platform (WFP) to block Endpoint Dete...

A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server. - GitHub - netero1010/EDRSilencer: A tool uses Windo...

Nnetbiosx.bsky.socialDec 27, 2023 5:44pm

CLR Heap encryption - a POC for a CLR sleep obfuscation attempt. It uses IHostMemoryManager interface to control the memory allocated by the CLR github.com/lap1nou/CLR_...

GitHub - lap1nou/CLR_Heap_encryption

Contribute to lap1nou/CLR_Heap_encryption development by creating an account on GitHub.

Nnetbiosx.bsky.socialDec 19, 2023 12:40pm

Reflective x64 loader implemented using dynamic indirect syscalls github.com/Krypteria/At...

GitHub - Krypteria/AtlasLdr: Reflective x64 loader implemented using dynamic indirect syscalls

Reflective x64 loader implemented using dynamic indirect syscalls - GitHub - Krypteria/AtlasLdr: Reflective x64 loader implemented using dynamic indirect syscalls

Nnetbiosx.bsky.socialDec 13, 2023 6:11pm

PoolParty BOF - A beacon object file implementation of PoolParty Process Injection Technique github.com/0xEr3bus/Poo...

GitHub - 0xEr3bus/PoolPartyBof: A beacon object file implementation of PoolParty Process Injection T...

A beacon object file implementation of PoolParty Process Injection Technique. - GitHub - 0xEr3bus/PoolPartyBof: A beacon object file implementation of PoolParty Process Injection Technique.

Nnetbiosx.bsky.socialDec 11, 2023 1:19pm

A set of fully-undetectable process injection techniques abusing Windows Thread Pools github.com/SafeBreach-L...

GitHub - SafeBreach-Labs/PoolParty: A set of fully-undetectable process injection techniques abusing...

A set of fully-undetectable process injection techniques abusing Windows Thread Pools - GitHub - SafeBreach-Labs/PoolParty: A set of fully-undetectable process injection techniques abusing Windows ...

Nnetbiosx.bsky.socialDec 8, 2023 1:44pm

IoctlHunter - A command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers z4ksec.github.io/posts/ioctlh...

Nnetbiosx.bsky.socialNov 30, 2023 4:57pm

A simple loader that uses indirect syscalls via the Tartarus' Gate method github.com/nettitude/Ta...

GitHub - nettitude/Tartarus-TpAllocInject

Contribute to nettitude/Tartarus-TpAllocInject development by creating an account on GitHub.

netbiosX

@netbiosx.bsky.social

Red & Purple Team Leader

199 followers35 following125 posts