Chloroform - YAAK
Chloroform - Yet-another-AntiVirus-Killer that showcases what can be done with BYOVD and how one can disable and kill an XDR on Windows 10 and Windows 11
A few months ago I was joking around with a colleague how cool it would be to use a vulnerable driver for one of our next RedTeam-Engagements. Well, from there on I went down a big rabbit-hole and started hunting for vulnerable drivers. Let me show you how
With the latest RedTeam Engagement wrapped up, I was going through the lessons learned and figured that I needed to improve/refine my toolset again to be able to evade the EDR/AV/XDR and successfully run my payload. Tools get signatured over time, techniques become outdated, and what I
We (Data-Sec) just came out of an IR. After everything had been wrapped up, we quickly went back to our usual daily tasks and also our normal working hours. Other than the last IR this one still annoys me a bit. The attacker we encountered this time seemed to
When it comes to device encryption most companies rely on Bitlocker, which in turn relies on the TPM to secure and encrypt your data on disk. Most EDR and XDR solutions also rely on Bitlocker and TPM and do nothing but manage the keys or encryption state for you.
“Good old days” Do you remember the time when the internet was still a “new thing” and totally not riddled with ads and the need to commercialize everything? When niche hobbies were not controlled by “influencers”, huge sponsors and ad-networks spying on you, trying to collect as
Working as part of a Red Team or as a penetration tester, you surely know how awesome it feels to finally get a SYSTEM shell on your system of choice. Owning the system despite all the efforts of the defenders is always satisfying. Even better if you were able to get