Reducing your work load, one post at a time.
At Countercept, we love to share. Whether it’s sharing our latest code for decompiling malware, demystifying the latest news on cyber security, or our best practice for business enablement and minimizing organizational risk, you’ll find it here.
Analysis of ShadowHammer ASUS Attack First Stage Payload
Dynamic Shellcode Execution
AV solutions are commonly used to detect malicious files and often rely on static analysis to separate the good from the bad. This approach works if the file itself contains something malicious, but what happens if an attacker instead uses a lightweight stager to download code and load it into memory on the fly?
RemotePSpy: Remote PowerShell Visibility for Older Versions
Hunting for SILENTTRINITY
SILENTTRINITY (byt3bl33d3r, 2018) is a recently released post-exploitation agent powered by IronPython and C#. Our latest blog post delves into how it works and shows techniques for detecting its use.
Detecting Parent PID Spoofing
In this post, we explore how parent PID spoofing works and how defenders can use Event Tracing for Windows (ETW) to detect it.
Threat Hunting - The Beginner's Guide
If we strip away the hype and the marketing dollars, what actually is threat hunting, who needs to do it, and how do we do it? Find out in this beginner's guide.