This post details how you can massage your CLR harness into a desired state. | MDSec
Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams
Introduction The motivation to bypass user-mode hooks initially began with improving the success rate of process injection. There can be legitimate reasons to perform injection. UI Automation and Active Accessibility will use it...
Introduction In-memory tradecraft is becoming more and more important for remaining undetected during a red team operation, with it becoming common practice for blue teams to peek into running...
After the introduction of PowerShell detection capabilities, attackers did what you expect and migrated over to less scrutinised technologies, such as .NET. Fast-forward a few years and many of us...