Reducing your work load, one post at a time.
At Countercept, we love to share. Whether it’s sharing our latest code for decompiling malware, demystifying the latest news on cyber security, or our best practice for business enablement and minimizing organizational risk, you’ll find it here.
Analysis of ShadowHammer ASUS Attack First Stage Payload
Dynamic Shellcode Execution
AV solutions are commonly used to detect malicious files and often rely on static analysis to separate the good from the bad. This approach works if the file itself contains something malicious, but what happens if an attacker instead uses a lightweight stager to download and load code into memory on the fly?
Hunting for SILENTTRINITY
SILENTTRINITY (byt3bl33d3r, 2018) is a recently released post-exploitation agent powered by IronPython and C#. Our latest blog post delves into how it works and shows techniques for detecting its use.
Detecting Parent PID Spoofing
In this blog, we will explore how parent PID spoofing works and how defenders can use Event Tracing for Windows (ETW) to detect the technique.
Threat Hunting - The Beginner's Guide
If we strip away the hype and the marketing dollars, what actually is threat hunting, who needs to do it, and how do we do it? Find out in this beginner's guide.
Gargoyle Memory Scanning Evasion for .NET
Luke Jennings investigates a .NET spiritual equivalent of the Gargoyle memory scanning evasion technique and shares strategies that can be used for detecting it.