Creating an OPSEC safe loader for Red Team Operations
Malware Analysis, News and Indicators - Latest topics malware.news
As Red Teamers, we need an OPSEC safe method to execute shellcode via a range of initial access vectors. Things are getting more and more difficult as Endpoint Detection and Response (EDR) products improve, making it more challenging to get an implant.
This post is going to present a slightly new method for bypassing EDR, commonly known as CreateThreadPoolWait. However, instead of using kernel32.dll we will use ntdll.dll.
GitHub: https://github.com/nettitude/Tartarus-TpAllocInject
The loader published above uses the bypass technique …