Purple Teaming | Adversarial simulation | Author of Androl4b, GoPurple

Joined September 2012
I have recently developed a tool which consists of 13 different shell code injections to evaluate endpoint detection capabilities. All credits go to @Ne0nd0g @_D00mfist @C__Sto @_batsec_ @spotheplanet for their amazing works that inspired me to do it. github.com/sh4hin/GoPurple
4
109
243
ֆɦ4ɦɨռ retweeted
Just pushed a very smol utility to drop’n’load drivers using NtLoadDriver instead of the noisy service creation loading. Can be used to load vulnerable signed drivers to execute arbitrary code in kernel. Tool + Writeup: github.com/slaeryan/AQUARMOU… Part 2 - exploitation coming soon...
0
54
120
ֆɦ4ɦɨռ retweeted
10th Chapter (Kernel Debugging) of Practical Malware Analysis (No Starch Press) complete. Just about hit the half way mark of this write-up. Write-ups take significantly longer than just reading content, but if it helps someone learn, then it's worth it. jaiminton.com/Tutorials/Prac…
4
64
204
ֆɦ4ɦɨռ retweeted
To celebrate 🎃, here’s a spooky delight - Wraith 👻 - A stealthy native loader PIC blob utilizing IE COM object, direct syscalls, ACG/CIG, PPID Spoofing ‘an lots of other OPSEC goodies Blog + Tool: github.com/slaeryan/AQUARMOU… A special thank you to @spotheplanet & @SBousseaden
8
76
182
ֆɦ4ɦɨռ retweeted
A great list of C# resources for red / purple teaming and offensive pen testing @5ub34x cheers dude. github.com/5ub34x/CSharpTool…
0
47
117
We are excited to announce higher Azure bounties and a new space for Azure research! The Azure Security Lab is a set of dedicated hosts that researchers can use to probe IaaS security without affecting customers. To find out more, see our blog. msrc-blog.microsoft.com/2019…
2
106
184
ֆɦ4ɦɨռ retweeted
A quick conspectus on code injection with SetWindowHookEx: ired.team/offensive-security…
0
17
34
ֆɦ4ɦɨռ retweeted
Working on a side project I had to use the SystemProcessAndThreadsInformation class in NtQuerySystemInformation. I wrote a small wrapper which may help as a code reference if you want to do something similar => github.com/FuzzySecurity/Sha…
1
29
74
ֆɦ4ɦɨռ retweeted
If your org is starting a threat hunting program and you want to start somewhere simple, I've built a table with some common use cases and linked them to @MITREattack framework and added some @HybridAnalysis samples. Hope this helps. github.com/dwestgard/threat_…
1
92
231
ֆɦ4ɦɨռ retweeted
Detecting CACTUSTORCH using Sysmon -> blog.menasec.net/2019/02/thr… #ThreatHunting #dfir
0
6
8