Red team guy at @SpecterOps | Aut viam inveniam aut faciam

USA
Joined June 2010
New blog post discussing approaches to evasion that use less anecdotal evidence (technique X worked against Y) to one which uses observed agent capabilities to determine OPSEC-safe techniques. posts.specterops.io/adventur… 1/5
This PoC uses a reconnaissance agent to detect usermode function hooks and ships results back to a server which parses them, creates a template payload using "safe" techniques, compiles it, and then ships it back to the original agent to run it inline. vimeo.com/487937178 3/5
Additionally, I've pushed just the reconnaissance tool from SHAPESHIFTER up to OffensiveC# as HookDetector github.com/matterpreter/Offe… 4/5
I've also created a Frida script to hook native APIs to facilitate testing against a simulated EDR agent. While this script is meant to accompany SHAPESHIFTER's agent, it can easily be used to test other tools and expanded to cover more native APIs gist.github.com/matterpreter… 5/5
Matt Hand retweeted
Just finished the Adversary Tactics: Vulnerability Research for Operators course, I can’t recommend @SpecterOps training enough, it was tons of info but very good class. Thanks @matterpreter and crew!
Slides: "Hypervisor Vulnerability Research: State of the Art" (with a deep focus on Hyper-V & ESXi) alisa.sh/slides/HypervisorVu…
What makes Apollo, Mythic's new Windows agent, different? I documented how Apollo integrates with Mythic to showcase all the features and flexibility of a C2 framework while providing the operating/training experience I've always wanted. Read more: posts.specterops.io/apollo-a…
Matt Hand retweeted
SO-CON 2020 Keynote Announcement: How Do Ghosts Grow Up? In this session, our CEO @davidpmcguire will talk about our collective journey and how we hope to leave a positive impact on our community. Register for SO-CON 2020: so-con-2020.eventbrite.com/