Reducing your workload, one post at a time.
At Countercept, we love to share. Whether it’s sharing our latest code for decompiling malware, demystifying the latest news on cyber security, or our best practice for business enablement and minimizing organizational risk, you’ll find it here.
Abusing Windows Library Files for Persistence
We explore how attackers can exploit this little-known persistence technique and provide tips on how to hunt for it.
Hunting for Gargoyle Memory Scanning Evasion
Most of the techniques we see used in the wild leave enough artefacts that they can be detected reliably from user-mode. However, sometimes we come across a technique which is best analysed from kernel mode.
Analyzing Sharpshooter - Part 2
Following on from part 1, this article focuses on the functionality of the stageless Sharpshooter payload and its delivery mechanisms.
Detecting Malicious Use of .NET – Part 2
Analyzing Sharpshooter - Part 1
We take a deep dive into Sharpshooter, an open source C# payload creation and delivery tool built by MDSec, and look at how defenders can detect such activity.