In-Memory shellcode decoding to evade AVs/EDRs

Estimated Reading Time: 9 minutes During the previous week, I was doing some research about win32 APIs and how we can use them during weaponizing our attack, I already did some work related to process injection in the past, but I was looking for something more advanced and to do an extra mile in process injection. So, I took my…

Ninja C2 V1.1 : New Update with many features

Estimated Reading Time: 4 minutes After seeing many positive feedback regarding Ninja C2 . I decided to enhance it , solve the known issues and provide more features that will help every pentester . i tested Ninja in real world pentest engagements , also in CRTP exam and it proved to be worthy to make your life easy while doing…

Automate Octopus C2 RedTeam Infrastructure Deployment

Estimated Reading Time: 15 minutes Establishing a red team infrastructure for your operation is something you need to take care of every time, and you need to make sure it’s working without any obstacles before you begin your operation. Every time I start a new operation, I set up the infrastructure manually using DigitalOcean or AWS, and it’s always enjoyable…

Octopus v1.0 stable: Cobalt Strike deployment & much more!

Estimated Reading Time: 4 minutes After months of releasing the first version of Octopus, I’m more than glad to announce that the stable version of Octopus is out! During the past few months, I worked with talented people to enhance Octopus capabilities and adding great features to it, also we fixed a couple of errors and made the usage of…

Introducing Ninja C2 : the C2 built for stealth red team Operations

Estimated Reading Time: 12 minutes Ninja C2 built on top of the leaked muddyc3 , you can find my article on how i revived this abandoned c2 which used by muddywater (IRAN APT Group) : Reviving MuddyC3. What make Ninja C2 different from other C2 is being built for full stealth to bypass the detection of SIEM and Endpoint Security…

Reviving MuddyC3 Used by MuddyWater (IRAN) APT

Estimated Reading Time: 10 minutes Note : This article contain two parts one for Blue Teams and the other for red teams. go to the part you interested in or read both if you are purple team guy 😀 . MuddyWater is a well-known threat actor group founded by Iran. “that has been active since 2017. They target groups across Middle…

Unveiling Octopus: The pre-operation C2 for Red Teamers

Estimated Reading Time: 6 minutes This year in BlackHat London 2019, I presented my tool Octopus in BlackHat Arsenal, and it was really fun to present the tool in front of some talented hackers and hear a feedback about the tool from them. So I just wanted to share a complete guide on how you can use Octopus the Pre-Operation…