A few months ago I was joking around with a colleague how cool it would be to use a vulnerable driver for one of our next RedTeam-Engagements. Well, from there on I went down a big rabbit-hole and started hunting for vulnerable drivers. Let me show you how that went.
With the latest RedTeam Engagement wrapped up, I was going through the lessons learned and figured that I needed to improve/refine my toolset again to be able to evade the EDR/AV/XDR and successfully run my payload. Tools get signatured over time, techniques become outdated, and what I
We (Data-Sec) just came out of an IR. After everything had been wrapped up, we quickly went back to our usual daily tasks and also our normal working hours. Other than the last IR this one still annoys me a bit. The attacker we encountered this time seemed to be
When it comes to device encryption most companies rely on Bitlocker which in turn relies on the TPM to secure and encrypt your data on disk. Most EDR and XDR-Solutions also rely on Bitlocker and TPM and do nothing but just managing the keys or encryption-state for you. In short,
“Good old days” Do you remember the time when the internet was still a “new thing” and totally not riddled with ads and the need to commercialize everything? When niche hobby's were not controlled by “influencers”, huge sponsors and ad-networks spying on you, trying to collect as much
Working as part of a Red Team or as Penetration tester, you surely know how awesome it feels to finally get a SYSTEM-Shell on your system of choice. Owning the system despite all the efforts of the defenders is always satisfying. Even better if you were able to get around