New blog post discussing a move away from evasion approaches that rely on anecdotal evidence (technique X worked against Y) toward one which uses observed agent capabilities to determine OPSEC-safe techniques. posts.specterops.io/adventur… 1/5
This PoC uses a reconnaissance agent to detect usermode function hooks and ships results back to a server which parses them, creates a template payload using "safe" techniques, compiles it, and then ships it back to the original agent to run it inline. vimeo.com/487937178 3/5
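The reconnaissance step described above, as an added example (this is not SHAPESHIFTER's code): a small C checker that classifies the first bytes of an x64 Nt* stub as clean, hooked or unknown. It assumes the usual Windows 10 x64 syscall stub prologue (mov r10, rcx; mov eax, imm32) and a handful of common inline-hook trampolines (jmp rel32, jmp [rip+disp32], movabs rax/jmp rax, push/ret); the byte samples in the non-Windows path are constructed for illustration, as is the syscall number 0x18.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { STUB_CLEAN = 0, STUB_HOOKED = 1, STUB_UNKNOWN = 2 } stub_status;

/* Assumed unhooked prologue of an x64 Nt* export: mov r10, rcx ; mov eax, <ssn> */
static const uint8_t CLEAN_PROLOGUE[] = { 0x4C, 0x8B, 0xD1, 0xB8 };

/* Classify the first bytes of an exported Nt* function. */
stub_status classify_stub(const uint8_t *code, size_t len)
{
    if (len < 8)
        return STUB_UNKNOWN;
    if (memcmp(code, CLEAN_PROLOGUE, sizeof CLEAN_PROLOGUE) == 0)
        return STUB_CLEAN;
    if (code[0] == 0xE9)                                /* jmp rel32 */
        return STUB_HOOKED;
    if (code[0] == 0xFF && code[1] == 0x25)             /* jmp [rip+disp32] */
        return STUB_HOOKED;
    if (code[0] == 0x48 && code[1] == 0xB8 &&           /* movabs rax, imm64 ; jmp rax */
        len >= 12 && code[10] == 0xFF && code[11] == 0xE0)
        return STUB_HOOKED;
    if (code[0] == 0x68 && code[5] == 0xC3)             /* push imm32 ; ret */
        return STUB_HOOKED;
    return STUB_UNKNOWN;
}

/* Recover the syscall number from a clean stub, or -1 if the stub is not clean.
   A recon agent can report this so the server can build a direct-syscall payload. */
int syscall_number(const uint8_t *code, size_t len)
{
    if (classify_stub(code, len) != STUB_CLEAN)
        return -1;
    return (int)((uint32_t)code[4] | ((uint32_t)code[5] << 8) |
                 ((uint32_t)code[6] << 16) | ((uint32_t)code[7] << 24));
}

static const char *status_name(stub_status s)
{
    return s == STUB_CLEAN ? "clean" : s == STUB_HOOKED ? "hooked" : "unknown";
}

#ifdef _WIN32
#include <windows.h>
/* On Windows, read the live export bytes from ntdll and classify each one. */
int main(void)
{
    const char *apis[] = { "NtAllocateVirtualMemory", "NtWriteVirtualMemory",
                           "NtProtectVirtualMemory", "NtCreateThreadEx" };
    HMODULE ntdll = GetModuleHandleA("ntdll.dll");
    for (size_t i = 0; i < sizeof apis / sizeof apis[0]; i++) {
        const uint8_t *p = (const uint8_t *)GetProcAddress(ntdll, apis[i]);
        if (!p) continue;
        printf("%-24s %-8s ssn=%d\n", apis[i], status_name(classify_stub(p, 16)),
               syscall_number(p, 16));
    }
    return 0;
}
#else
/* Off Windows, run the classifier over constructed samples. */
int main(void)
{
    const uint8_t clean[]  = { 0x4C, 0x8B, 0xD1, 0xB8, 0x18, 0x00, 0x00, 0x00 };
    const uint8_t jmp[]    = { 0xE9, 0x10, 0x20, 0x30, 0x40, 0x90, 0x90, 0x90 };
    const uint8_t pushret[] = { 0x68, 0x11, 0x22, 0x33, 0x44, 0xC3, 0x90, 0x90 };
    printf("clean sample:    %s ssn=%d\n", status_name(classify_stub(clean, 8)),
           syscall_number(clean, 8));
    printf("jmp sample:      %s\n", status_name(classify_stub(jmp, 8)));
    printf("push/ret sample: %s\n", status_name(classify_stub(pushret, 8)));
    return 0;
}
#endif
```

The checker only recognises patterns it has been told about, so an unfamiliar prologue is reported as unknown rather than clean; a recon agent should treat unknown as unsafe when choosing techniques.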
I've also created a Frida script to hook native APIs to facilitate testing against a simulated EDR agent. While this script is meant to accompany SHAPESHIFTER's agent, it can easily be used to test other tools and expanded to cover more native APIs. gist.github.com/matterpreter… 5/5
Just finished the Adversary Tactics: Vulnerability Research for Operators course. I can’t recommend @SpecterOps training enough; it was tons of info, but a very good class. Thanks @matterpreter and crew!
What makes Apollo, Mythic's new Windows agent, different? I documented how Apollo integrates with Mythic to showcase all the features and flexibility of a C2 framework while providing the operating/training experience I've always wanted. Read more: posts.specterops.io/apollo-a…
SO-CON 2020 Keynote Announcement: How Do Ghosts Grow Up?
In this session, our CEO @davidpmcguire will talk about our collective journey and how we hope to leave a positive impact on our community.
Register for SO-CON 2020: so-con-2020.eventbrite.com/