New blog post discussing a shift in approaches to evasion, from relying on anecdotal evidence (technique X worked against Y) to using observed agent capabilities to determine OPSEC-safe techniques. posts.specterops.io/adventur… 1/5
This PoC uses a reconnaissance agent to detect usermode function hooks and ships results back to a server which parses them, creates a template payload using "safe" techniques, compiles it, and then ships it back to the original agent to run it inline. vimeo.com/487937178 3/5

5:06 PM · Dec 7, 2020

Additionally, I've pushed just the reconnaissance tool from SHAPESHIFTER up to OffensiveC# as HookDetector github.com/matterpreter/Offe… 4/5
I've also created a Frida script to hook native APIs to facilitate testing against a simulated EDR agent. While this script is meant to accompany SHAPESHIFTER's agent, it can easily be used to test other tools and expanded to cover other native APIs. gist.github.com/matterpreter… 5/5
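The kind of "simulated EDR agent" the last tweet describes, as an added example that is not matterpreter's gist or any SHAPESHIFTER code: a Frida script that hooks a handful of ntdll exports and turns each call into a structured event with a verdict, the way a user-mode EDR sensor would. The hooked API names are real ntdll exports and their argument positions follow the documented prototypes; the watch list, the verdict rules, the `assessCall` helper and the `WATCHED` table are assumptions constructed for this example. The policy lives in a pure function so it can be exercised outside Frida (the `Interceptor` block is skipped when the globals are absent), and it assumes a 64-bit Windows target.

```javascript
// Added example: minimal "simulated EDR" built on Frida's Interceptor.
// Not part of the original thread, gist or SHAPESHIFTER.

// Windows page-protection constants (documented values).
const PAGE_EXECUTE_FLAGS = 0x10 | 0x20 | 0x40 | 0x80; // PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY
const PAGE_WRITE_FLAGS = 0x04 | 0x08 | 0x40 | 0x80;   // PAGE_READWRITE, PAGE_WRITECOPY, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY
const CURRENT_PROCESS = -1;                            // NtCurrentProcess() pseudo-handle, as a signed 32-bit value

// Constructed watch list. handleArg: index of the ProcessHandle argument;
// protectArg: index of the protection argument, or null if the call has none.
const WATCHED = [
  { name: 'NtAllocateVirtualMemory', handleArg: 0, protectArg: 5 },
  { name: 'NtProtectVirtualMemory',  handleArg: 0, protectArg: 3 },
  { name: 'NtWriteVirtualMemory',    handleArg: 0, protectArg: null },
  { name: 'NtCreateThreadEx',        handleArg: 3, protectArg: null },
];

// Pure policy function (assumed helper): given the API name, the numeric
// process handle and the numeric protection value (or null), return an event
// record with a verdict and the reasons behind it.
function assessCall(api, processHandle, protect) {
  const reasons = [];
  const remote = processHandle !== CURRENT_PROCESS;
  if (remote) reasons.push('targets another process');
  if (protect !== null) {
    const exec = (protect & PAGE_EXECUTE_FLAGS) !== 0;
    const write = (protect & PAGE_WRITE_FLAGS) !== 0;
    if (exec && write) reasons.push('requests writable+executable memory');
    else if (exec && api === 'NtProtectVirtualMemory') reasons.push('flips region to executable');
  }
  if (api === 'NtCreateThreadEx' && remote) reasons.push('remote thread creation');
  return { api, remote, protect, suspicious: reasons.length > 0, reasons };
}

// Frida-only part: install the hooks. Guarded so the policy above can be
// loaded and tested under Node without Frida's globals.
if (typeof Interceptor !== 'undefined') {
  const ntdll = Process.getModuleByName('ntdll.dll');
  for (const w of WATCHED) {
    Interceptor.attach(ntdll.getExportByName(w.name), {
      onEnter(args) {
        // toInt32() maps the 0xFFFFFFFFFFFFFFFF pseudo-handle to -1.
        const handle = args[w.handleArg].toInt32();
        const protect = w.protectArg === null ? null : args[w.protectArg].toInt32();
        const ev = assessCall(w.name, handle, protect);
        ev.tid = Process.getCurrentThreadId();
        // Ship every event to the controlling script; a real sensor would
        // filter or enrich here (caller module, stack trace, and so on).
        send(ev);
      },
    });
  }
}
```

Load it with `frida -p <pid> -l simulated_edr.js` against the tool under test and read the events on the host side; any event with `suspicious: true` is a call pattern the simulated sensor would have alerted on, which is the signal you want when checking whether an implant's chosen techniques stay inside the hooks it thinks are "safe".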