Maelstrom 7: Static OpSec Review
Breaking down the Maelstrom DLL and Loader to identify and discuss remediations for indicators-of-compromise.
Maelstrom 6: Working with AMSI and ETW for Red and Blue
Implementing AMSI and ETW to catch the implant, and then looking at how to bypass it.
Maelstrom 5: EDR Kernel Callbacks, Hooks, and Call Stacks
Endpoint Protection and Response is complicated for both offence and defence. In this blog we take a look at Kernel Callbacks, Hooks, and Thread Call Stacks from both an attacker and defenders perspective.
Maelstrom 4: Writing a C2 Implant
In this blog, we will discuss how to write a C2 implant for the modern era. We will look at the history of offensive techniques and the progress of defence. We then move into discussing some key concepts before finally writing stage 0, and the implant as a Reflective DLL.
Maelstrom 3: Building the Team Server
In this post we are discussing building a C2 Teamserver, common pitfalls, and the difficulty of identifying singular malicious requests.
Maelstrom 2: The C2 Architecture
A look into the design choices behind the C2, along side some design concepts to keep it stable, and the workflow smooth.
Maelstrom 1: An Introduction
Throughout this series, we will be slowly building out a Command & Control Framework and discussing common implementation, IOCs, and TTPs. Whilst providing Offensive Teams with the information to get a rudimentary POC up and running, we also aim to provide as many detection mechanisms as possible.
Bluffy the AV Slayer
As an experiment, we converted default Cobalt Strike shellcode into various forms to see how it would do against static detection. Turns out, quite well. This post introduces a small tool we wrote to automatically mask shellcode in several different ways.