Reducing your workload, one post at a time.
At Countercept, we love to share. Whether it’s sharing our latest code for decompiling malware, demystifying the latest news on cyber security, or our best practice for business enablement and minimizing organizational risk, you’ll find it here.
Abusing Windows Library Files for Persistence
We explore how attackers can exploit this little known persistence technique and provide tips on how to hunt for it.
Hunting for Gargoyle Memory Scanning Evasion
Most of the techniques we see used in the wild leave enough artefacts that they can be detected reliably from user-mode. However, sometimes we come across a technique which is best analysed from kernel mode.
Analyzing Sharpshooter – Part 2
Following on from part 1, this article focuses on the functionality of the stageless Sharpshooter payload and its delivery mechanisms.
Detecting Malicious Use of .NET – Part 2
Analyzing Sharpshooter – Part 1
We take a deep dive into Sharpshooter, an open source C# payload creation and delivery tool built by MDSec, and look at how defenders can detect such activity.
Detecting Malicious Use of .NET – Part 1
Using Snake to Perform Malware Analysis
Case Study: Finance Sector
Countercept was contacted by a financial institution in the midst of an active compromise. After engaging MWR’s Incident Response team to perform forensic analysis to identify the extent of and contain the compromise, Countercept was retained as the institution’s Managed Detection and Response provider.