
Maelstrom 7: Static OpSec Review

Breaking down the Maelstrom DLL and Loader to identify and discuss remediations for indicators-of-compromise.



Maelstrom 6: Working with AMSI and ETW for Red and Blue

Implementing AMSI and ETW to catch the implant, and then looking at how to bypass it.



Maelstrom 5: EDR Kernel Callbacks, Hooks, and Call Stacks

Endpoint Protection and Response is complicated for both offence and defence. In this blog we take a look at Kernel Callbacks, Hooks, and Thread Call Stacks from both an attacker's and a defender's perspective.



Maelstrom 4: Writing a C2 Implant

In this blog, we will discuss how to write a C2 implant for the modern era. We will look at the history of offensive techniques and the progress of defence. We then move into discussing some key concepts before finally writing stage 0, and the implant as a Reflective DLL.



Maelstrom 3: Building the Team Server

In this post we are discussing building a C2 Teamserver, common pitfalls, and the difficulty of identifying singular malicious requests.



Maelstrom 2: The C2 Architecture

A look into the design choices behind the C2, alongside some design concepts to keep it stable and the workflow smooth.



Maelstrom 1: An Introduction

Throughout this series, we will be slowly building out a Command & Control Framework and discussing common implementation, IOCs, and TTPs. Whilst providing Offensive Teams with the information to get a rudimentary POC up and running, we also aim to provide as many detection mechanisms as possible.



Bluffy the AV Slayer

As an experiment, we converted default Cobalt Strike shellcode into various forms to see how it would do against static detection. Turns out, quite well. This post introduces a small tool we wrote to automatically mask shellcode in several different ways.
