Explore >> Select a destination


You are here: www.msreverseengineering.com

blog.tetrane.com
3.0 parsecs away

sean.heelan.io
6.2 parsecs away

A few months back I started Persistence Labs with the goal of developing better tools for bug discovery, reverse engineering and exploit development. I've also moved my blog over to that domain and the new RSS feed is here. Anyway, that's about it really =) I'll be making any future blog posts over there, starting...

ogmini.github.io
5.9 parsecs away

Currently, writing this with no power and internet. Luckily, I made progress earlier in the day with writing a testing/validation UWP application. The 36 data types line up with what I'm seeing and testing. I'm still working on reverse engineering the Composite Value key.

forensicitguy.github.io
20.5 parsecs away

In this post I want to take a look at a PowerShell-based Cobalt Strike beacon that appeared on MalwareBazaar. This particular beacon is representative of most PowerShell Cobalt Strike activity I see in the wild during my day job. The beacons often show up as service persistence during incidents or during other post-exploitation activity. If you want to follow along at home, the sample I'm using is here: