Reducing your workload, one post at a time.
At Countercept, we love to share. Whether it’s sharing our latest code for decompiling malware, demystifying the latest news on cyber security, or our best practice for business enablement and minimizing organizational risk, you’ll find it here.
Hunting for SILENTTRINITY
SILENTTRINITY (byt3bl33d3r, 2018) is a recently released post-exploitation agent powered by IronPython and C#. Our latest blog post delves into how it works and shows techniques for detecting its use.
Detecting Parent PID Spoofing
In this blog post, we explore how parent PID spoofing works and how defenders can use Event Tracing for Windows (ETW) to detect it.
Threat Hunting - The Beginner's Guide
If we strip away the hype and the marketing dollars, what actually is threat hunting, who needs to do it, and how do we do it? Find out in this beginner's guide.
Gargoyle Memory Scanning Evasion for .NET
Luke Jennings investigates a .NET spiritual equivalent of the Gargoyle memory scanning evasion technique and shares strategies that can be used for detecting it.
Gartner: What to look for in an MDR partner?
Breaking down the NCSC's top five hacking tools
The NCSC has named five publicly available hacking tools used in recent cyberattacks. But how do you detect and respond to attacks that leverage these tools?