It is easy to script analysis steps with IDAPython, but now we want to automate this analysis over, let’s say, 10,000 files. I did a quick Google and I couldn’t find a guide on how to p…

Explore cutting-edge cybersecurity research and analysis from LevelBlue Labs. Gain deep insights into emerging threats and innovative defenses

While analyzing real-world systems, memory analysts will often encounter anti-virus (AV) engines, EDRs, and similar products that, at first ...

Automate your RedELK infrastructure deployment with Ansible, streamlining your red team operations and enhancing visibility with a scalable ELK stack,…

Estimated Reading Time: 15 minutes Establishing a red team infrastructure for your operation is something you need to take care of every time, and you need to make sure it’s working without any obstacles before you begin your operation. Every time I start…

Introduction In-memory tradecraft is becoming more and more important for remaining undetected during a red team operation, with it becoming common practice for blue teams to peek in to running...

Kerberos protocol attacker

Author: Nikolaos Pantazopoulos Co-author: Stefano Antenucci (@Antelox) And in close collaboration with NCC’s RIFT. 1. Introduction Publicly discovered in late April 2020, the Team9 malware fa…

This post is Part III in a series about my experiences attacking FreeIPA. In Part I of this series, we reviewed some of the background and…

A post exploitation framework designed to operate covertly on heavily monitored environments - bats3c/shad0w

It turns out that there is a method of disabling ETW in .NET, strangely exposed by setting an environment variable of COMPlus_ETWEnabled=0. This post explores how this works.

PoC exploiting Aligned Chunk Confusion on Windows kernel Segment Heap - synacktiv/Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion

Leveraging Terraform and Ansible to automate the deployment of Active Directory labs in Azure.