Outer Web | Explore

Explore >> Select a destination

You are here		0xcybery.github.io Bypass Windows Defender in Windows 11
\|	\|	forensicitguy.github.io Inspecting a PowerShell Cobalt Strike Beacon \| Tony Lambert	1.1 parsecs away Travel
\|	\|	In this post I want to take a look at a PowerShell-based Cobalt Strike beacon that appeared on MalwareBazaar. This particular beacon is representative of most PowerShell Cobalt Strike activity I see in the wild during my day job. The beacons often show up as service persistence during incidents or during other post-exploitation activity. If you want to follow along at home, the sample I'm using is here:	1.1 parsecs away Travel
\|	\|	cocomelonc.github.io Malware development trick 39: Run payload via EnumDesktopsA. Simple Nim example. - cocomelonc	1.2 parsecs away Travel
\|	\|		1.2 parsecs away Travel
\|	\|	cocomelonc.github.io Malware and cryptography 28: RC4 payload encryption. Simple Nim example. - cocomelonc	1.7 parsecs away Travel
\|	\|		1.7 parsecs away Travel
\|	\|	modexp.wordpress.com Invoking System Calls and Windows Debugger Engine \| modexp	22.5 parsecs away Travel
\|		Introduction Quick post about Windows System calls that I forgot about working on after the release of Dumpert by Cn33liz last year, which is described in this post. Typically, EDR and AV set hooks on Win32 API or NT wrapper functions to detect and mitigate against malicious activity. Dumpert attempts to bypass any user-level hooks...	22.5 parsecs away Travel