Worried about EDR hooking catching you out?

This post and subsequent code snippets will help you quickly assess whether EDR is loaded into your process (without a debugger) and performing user-level hooking on important functions that you may wish to use, e.g. process migration using ZwOpenProcess and ZwCreateThreadEx. When red teaming in a new environment we always need to perform situational awareness.

PoshC2 Shellcode and Binary Patching

TL;DR – This article is a short run through of how PoshC2's shellcode is automatically generated on the fly using binary patching without the need for continued re-compilation. We'll also go over how we use GitLab CI/CD pipelines to generate the payload files and create the artefact files inside the resources folder, specifically shellcode! DevOps

To Be A CISO For A Day

A lot of the top-tier companies that I work with have fallen into the same trap of running a compliance-driven security function, which means policies are created purely to be compliant and not necessarily adopted or fully integrated by the organisation for security purposes. Policies and procedures are a great thing and provide a