Evening mini tool release time!
7kB PIC blob to bypass AV/EDR UM hooks using Section Remapping. Designed to be used with loaders; can be used to protect spawned sacrificial processes.
Tool + Writeup: github.com/slaeryan/AQUARMOU…
New blog post discussing approaches to evasion that use less anecdotal evidence (technique X worked against Y) to one which uses observed agent capabilities to determine OPSEC-safe techniques. posts.specterops.io/adventur… 1/5
New blog post is up looking at how .NET DLL exports work behind the scenes, and how we can use the portal created to invoke managed code. blog.xpnsec.com/the-net-expo…