Obfuscating API Patches to Bypass New Windows Defender Behavior Signatures

Introduction I’ve got a short post today based on some recent changes by Windows Defender. Over the weekend, I noticed that some of my unit tests began failing on code that had not been recently changed. Upon further investigation, I found that it was specifically related to the AMSI bypass through API call patching. This […]


Extracting Credentials From Windows Logs

Overview During a recent engagement, I observed a lot of members of a particular organization authenticating with remote systems and services over the command line with username and password in plaintext. This ranged from domain administrators using the net user command to create user accounts and update passwords to database administrators managing their instances with command line

