redteam

Emulating Kimsuky's Initial Access

When choosing an initial access technique, I am a big fan of LNKs. Studying CTI reports, I noticed the constant recurrence of LNKs as an initial access vector across multiple APTs, including APT28,

Hacking C++ (Part 2)

Bypassing CFI What CFI Is Control Flow Integrity (CFI) is a security mitigation that protects against control-flow hijacking attacks by checking if function call is valid. Every compiler has its own implementation

Hacking C++ (Part 1)

Introduction Every high-level language has built-in mechanisms designed to make life easier for programmers. Like any other programming language, C++ provides a wealth of ready-made solutions. Programmers usually don’t

BYOVD: Silencing AV/EDR with CVE-2023-52271

Bring Your Own Vulnerable Device (BYOVD) is a technique used in red teaming that allows users to perform kernel-level actions by exploiting a vulnerable, legitimately signed kernel device driver. Drivers run in