Dropping new LOLBin/LOLBAS inspired project today called LOLGlobs, to document some cool ways of commandline evasion using wildcards and some other obfuscation techniques that go beyond B64 encoding: https://t.co/weesvN45Vd
Apollo postexp capabilities have tested pretty well against Microsoft ATP. Good opsec with Inline assembly, powershell execution etc. Has been an easier time testing compared to Cobalt Strike. WDAC and device hardening included.๐ป
#Mythic#Apollo#EDR#maldev#cobaltstrike#ATP
Lesson of the day: LOLBins can be an option to get past the execution phase, but are more risky post exploitation. Seeing the likes of excel.exe have a lot more trust from the O/S + Microsoft ATP and are allowed to do a lot more without losing the implant.
#redteam#offsec#c2
@_RastaMouse Can I audition to be co-host? Seriously. I'm dynamite as a presence and have been thinking of doing something similar already. Would be a great link up! ๐
So yesterday I cancel my Malwarebytes account, fully deleted, got no confirmation email. Today my subscription has been renewed. What kind of scam are u running @Malwarebytes? Please reach out.