Microsoft

Modern Defenses and YOU!

Part 9 of Advanced Threat Tactics covers a lot of my thoughts on evasion. The ideas in that lecture are still relevant, the defenses discussed there didn’t go away! That said, there are other defenses and realities offensive operators must contend with today. This blog post discusses…

SharpHound: Technical Details

In the previous blog post, we focused on SharpHound from an operational perspective, discussing some of the new features, as well as improved features from the original ingestor. In this post, we’ll talk more about the technical and underlying changes made to the ingestor that…

UMCI Bypass Using PSWorkFlowUtility: CVE-2017–0215

SharpHound: Evolution of the BloodHound Ingestor

Bypassing AMSI via COM Server Hijacking

Microsoft’s Antimalware Scan Interface (AMSI) was introduced in Windows 10 as a standard…

Defeating Device Guard: A look into CVE-2017–0007