---| XPN InfoSec Blog
In this post we will focus on Event Tracing for Windows (ETW), how it is used to surface events on .NET assemblies, and how we can evade this kind of detection.| XPN InfoSec Blog
In this post I will be showing how to build an Azure DevOps pipeline for .NET projects, and hopefully show some techniques which I have found useful to modify build artifacts to make them a bit different, and in some cases, to increase the time it takes to analyse our tools if detected by Blue Team.| XPN InfoSec Blog
A quick example showing loading CLR via native code - clr_via_native.c| Gist
PowerShell has been a staple of offensive tooling for many years now due to its power, prevalence and simplicity. Consequently, Microsoft began introducing better logging options for PowerShell, as well as plugging it in to the Anti-Malware Scan Interface (AMSI) – meaning the industry became much better at spotting malicious PowerShell. However, techniques then evolved […]| F-Secure Blog