How Interview Cheating Tools Hide from Zoom

Interview Coder has been making waves on my X timeline. The tool promises to quietly deliver AI-generated answers for coding interview questions, evading the screen capture feed your interviewer uses …

Demystifying Endpoint Detection and Response (Conference Talk)

I gave a talk for OzSec 2022 about Endpoint Detection and Response software – discussing the architecture, design & common bypass techniques at the time. Unfortunately, the talk was not …

Extracting Whitelisted Paths from Windows Defender ASR Rules

This blog post was made possible by the fantastic work and research done by @commail which you can read here. Background Recently I was presented with a scenario where I wanted to dump lsass.exe on a …

Password Cracking in the Cloud with Hashcat and Vast.ai

Cracking hashes with the power of cloud compute is nothing new and there have been several methods to accomplish this over the years. Recently I’ve been toying around with Vast.ai as a …

Sleeping with a Mask On (Cobalt Strike)

In Cobalt Strike 4.4, Sleep Mask Kit was released to help operators customize the encryption algorithm used to obfuscate the data and strings within beacon’s memory. By default it uses a 13-byte …

Evading EDR in 15 Minutes with ScareCrow

During red team engagements, we frequently encounter EDR solutions. We deploy a lot of Cobalt Strike, and I wanted to write up a short blog post on how you can quickly deploy a beacon (or your own …