How Interview Cheating Tools Hide from Zoom
Interview Coder has been making waves on my X timeline. The tool promises to quietly deliver AI-generated answers for coding interview questions, evading the screen capture feed your interviewer uses …
March 2025
Tuesday, March 25
October 2022
Friday, October 14
Demystifying Endpoint Detection and Response (Conference Talk)
I gave a talk for OzSec 2022 about Endpoint Detection and Response software – discussing the architecture, design & common bypass techniques at the time. Unfortunately, the talk was not …
June 2022
Wednesday, June 22
Extracting Whitelisted Paths from Windows Defender ASR Rules
This blog post was made possible by the fantastic work and research done by @commail which you can read here. Background Recently I was presented with a scenario where I wanted to dump lsass.exe on a …
March 2022
Wednesday, March 9
Password Cracking in the Cloud with Hashcat and Vast.ai
Cracking hashes with the power of cloud compute is nothing new and there have been several methods to accomplish this over the years. Recently I’ve been toying around with Vast.ai as a …
August 2021
Friday, August 6
Sleeping with a Mask On (Cobalt Strike)
In Cobalt Strike 4.4, Sleep Mask Kit was released to help operators customize the encryption algorithm used to obfuscate the data and strings within beacon’s memory. By default it uses a 13-byte …
July 2021
Friday, July 30
Evading EDR in 15 Minutes with ScareCrow
During red team engagements, we frequently encounter EDR solutions. We deploy a lot of Cobalt Strike, and I wanted to write up a short blog post on how you can quickly deploy a beacon (or your own …