Ransomware is still one of the most common incidents Tevora’s Digital Forensics and Incident Response responds to. There are many ways to hunt for threats and resources for a responder to utilize. Tevora's process in an Incident Response engagement will generally involve both active threat hunting and malware analysis.…
With many defenders keenly focused on identifying malicious activity including lateral movement, we as attackers must adapt techniques beyond the vanilla offerings of our typical toolsets. These built pivoting in techniques, such as WMI and PSExec pivots in Cobalt Strike, are very convenient but often set off many alarms. We…
Windows has a rich security model that is worth understanding to operate effectively on a red team or pentest. There are many great resources that discuss this topic. We will reference them and attempt to distill the foundational concepts and the operational points you should know. Specifically, we will focus…
During a whitebox code review, having graphical representations of the layout of the code base can be highly beneficial, as the tester has limited time to learn and analyze the structure of the project. The .NET Compiler Platform SDK, or Roslyn, which provides the Microsoft.CodeAnalysis namespace, can be utilized…
During an engagement, having an email list for your target can be useful for a variety of reasons. When it comes to social engineering and password spraying, more email addresses translate to higher chances of success. While some clients will provide an employee directory, for others it may be necessary…
