Estimated Reading Time: 5 minutes On a recent Red Team engagement, I was poking around having a look at different files and trying to see if I could extract any information that would allow me to move laterally through the network. I was hopeful, as always, that I would land on domain_admin_passwords_2024.xlsx or something (don’t laugh – we’ve all found…
Category: Red Team
Cortex XDR Ransomware Protection, Chocolate Teapots and Inflatable Dartboards
Estimated Reading Time: 6 minutes A post exploring how to enumerate and avoid Cortex XDR ransomware files/folders and avoid getting caught
Bypassing AppLocker by abusing HashInfo
Estimated Reading Time: 4 minutes This article is based mostly on the work of Grzegorz Tworek (@0gtweet) I recently saw this tweet from Grzegorz Tworek (@0gtweet – who if you aren’t following you really should be!) come across my timeline I had seen previous tweets referencing the AppLocker hash/signature cache and having a CPD day I thought I would take…
Oh my API, abusing TYK cloud API management to hide your malicious C2 traffic
Estimated Reading Time: 10 minutes Hiding your malicious C2 traffic through legitimate channels is challenging nowadays, especially while CDN providers block all known techniques to use domain fronting to hide your malicious traffic. For that reason, I was looking for a service that I can (ab)use to forward and hide my malicious C2 traffic using their domains without exposing my…
NinjaC2 V2.2 Released with New Features
Estimated Reading Time: 3 minutes NinjaC2 v2.2 include new features including : NinjaC2 can be downloaded from github Enhanced User interface New Amazon Web Services EC2 instance creation automation : deploy Ninja to new AWS instance in 5 minutes. More organized file management Now every campaign has its own folder that contain files and configuration. Updated Mimikatz script Fixes for…
DNSStager v1.0 stable: Stealthier code, DLL agent & much more
Estimated Reading Time: 3 minutes In the past year, I published the first version of DNSStager which is a tool to hide your payload in DNS, and presented an updated version of it at BlackHat Europe 2021 and @Hack conferences. Today I’m happy to announce that the Stable version of DNSStager is out with some new features and fixes for…
NinjaC2 V2.1 : New webshell agent , more features and updated AV bypass
Estimated Reading Time: 3 minutes Am happy to release NinjaC2 V2.1 that include a new features like new webshell agent and new features which will be explained in this article . URL to download NinjaC2 : https://github.com/ahmedkhlief/Ninja Ninja C2 V2.1 Feature Summary : Added New ASP webshell with new interface to manage webshells Added Word and Excel simple Macro payload…
Unveiling DNSStager: A tool to hide your payload in DNS
Estimated Reading Time: 8 minutes In the past few weeks, I was working on a new project that could help me to solve an issue during a case I was facing, I needed a tool to help me pulling off my payload through DNS without being noisy or suspicious with the ability to inject this payload to the memory and…
Customising an existing evilginx phishlet to work with modern Citrix
Estimated Reading Time: 6 minutes As part of a recent Red Team engagement, we had a need to clone the Citrix endpoint of the target company and see if we could grab some credentials. Sounded like a job for evilginx2 (https://github.com/kgretzky/evilginx2) – the amazing framework by the immensely talented @mrgretzky. What is evilginx2? evilginx2 is a man-in-the-middle attack framework used…
Defeat Bitdefender total security using windows API unhooking to perform process injection
Estimated Reading Time: 14 minutes Bypassing endpoint protections such as AVs/EDRs is a phase that you need to take care of when you prepare for your red team operation, it could take some time to understand how these solutions are working before you try to bypass them. And with the large number of resources published online on this topic, it…