blog category

Research & Tradecraft

Introducing Ghostwriter: Part 2

By: Christopher Maddalena
Jul 30, 2019 • 10 min read

CVE-2019-13382: Local Privilege Escalation in SnagIt

By: Matt Nelson
Jul 24, 2019 • 9 min read

CVE-2019-13142: Razer Surround 1.1.63.0 EoP

By: Matt Nelson
Jul 5, 2019 • 5 min read

The Curious Case of QueueUserAPC

Summary Due to the nature of the .NET compiled language runtime, user asynchronous procedure calls (APCs)...

By: Dwight Hohnstein
Jul 1, 2019 • 9 min read

Diving into the Security Analyst’s Mind

By: Jared Atkinson
May 30, 2019 • 11 min read

Designing Peer-To-Peer Command and Control

By: Ryan Cobb
May 1, 2019 • 19 min read

Lateral Movement — SCM and DLL Hijacking Primer

Summary As Defenders increase in maturity, the more they are able to leverage built-in utilities against...

By: Dwight Hohnstein
Apr 18, 2019 • 11 min read

Revisiting TTPs: TimeStomper

In this post, I will cover how to manipulate file times on the Windows OS. Manipulating...

By: Justin Bui
Apr 16, 2019 • 8 min read

Merlin v0.7.0 Release & Roll-up

By: Russel Van Tuyl
Apr 12, 2019 • 10 min read