The evolution of evasion Evasion is a very interesting topic. When I say evasion, I’m referring to both evading prying eyes from analysts and avoiding their attention, as well as evading AV and ED...
C2 Smackdown - Empire vs Mythic I found evaluating platforms like this to be a great way to familiarize myself with them quickly, so I’ve opted to do this test again. The last time I compared C2s...
Running An Adversary Emulation Exercise Adversary emulation can take many forms, but it will always have the same end goal: helping companies come away knowing how to defend themselves better. You...
Bloodhound What is it? Bloodhound describes their product as using graph theory to reveal hidden and unintended links between users and groups that makes lateral movement easier for attackers. Natu...
Sliver vs Havoc - Two Adversary Emulation Frameworks I wanted to objectively measure two well known frameworks against one another and see which fits certain needs best. To this end, each platfor...
A Quick Review Of Where We Started Switchblade started out about a year ago with an idea taken from the leaked CIA toolset. The tool was called Switchblade, and it used mutual TLS in order to rout...
Another fake ad, another fake product Wow, there’s been a lot of malvertising recently. The last post was on a bitcoin scam and it looks like we’re continuing this trend. Some of you might remembe...
Do You Want To Be A Millionaire? I got the weirdest phishing email the other day. It was a link to a cryptocurrency exchange called protoncoin[.]net with a username and password. So naturally, I c...
How Does AV Know? Have you ever wondered how AV knows that the application you’re trying to run is malicious when it doesn’t have a known signature? NTDLL is the answer. Before we begin It’...
Please pardon the mess as the old Blogger site is transitioned here. Some of the posts got saved oddly, some of them have poor formatting because I made poor design choices, and some are missing fo...