Reducing your workload, one post at a time.
At Countercept, we love to share. Whether it’s sharing our latest code for decompiling malware, demystifying the latest news on cyber security, or our best practice for business enablement and minimizing organizational risk, you’ll find it here.
What is Continuous Response?
Determining your organization’s level of response readiness comes down to one question: are you prepared to fight an attacker live in action? Or, put another way, could you stop an attack, before it stops you?
Dechaining Macros and Evading EDR
Analysis of ShadowHammer ASUS Attack First Stage Payload
Dynamic Shellcode Execution
AV solutions are commonly used to detect malicious files and often rely on static analysis to separate the good from the bad. This approach works if the file itself contains something malicious, but what happens if an attacker instead uses a lightweight stager to download code and load it into memory on the fly?
Hunting for SILENTTRINITY
SILENTTRINITY (byt3bl33d3r, 2018) is a recently released post-exploitation agent powered by IronPython and C#. Our latest blog post delves into how it works and shows techniques for detecting its use.
Detecting Parent PID Spoofing
In this blog, we will explore how this technique works and how defenders can use Event Tracing for Windows (ETW) to detect it.
Gargoyle Memory Scanning Evasion for .NET
Luke Jennings investigates a .NET spiritual equivalent of the Gargoyle memory scanning evasion technique and shares strategies that can be used for detecting it.