Active Directory Security: Preventing Group Policy Hijacking
Active Directory (AD) and Group Policy Objects (GPOs) are vital for enterprise security and configuration. This article explores the silent threat of Group Policy hijacking, …
Research on how attackers abuse legitimate Microsoft tools and Windows features.
Discover how to leverage Windows Event Logs to detect and neutralize AMSI bypass techniques used by sophisticated fileless malware and obfuscated scripts.
PowerShell's immense power makes it a prime target for adversaries. Learn how advanced persistent threats bypass Constrained Language Mode (CLM) using runspaces and discover critical …
This article explores DLL sideloading, a sophisticated evasion technique attackers use to maintain persistence within compromised environments. Learn how to detect these stealthy threats …
This article explores how attackers leverage DLL sideloading with legitimate applications to load malicious Dynamic Link Libraries. Learn to use Windows Event Logs for in-depth …
Active Directory is the backbone of enterprise security, but it's vulnerable to sophisticated threats like the Skeleton Key attack. This article explores how to unmask …
Attackers are increasingly leveraging legitimate system tools like `certutil.exe` for "Living Off The Land" (LOTL) strategies. This technique allows them to blend in, bypass security …
Attackers can leverage legitimate Microsoft signed binaries to load and inject malicious DLLs into running processes, effectively bypassing application whitelisting and endpoint security.
Advanced malware can execute PowerShell commands without ever calling powershell.exe, effectively bypassing many endpoint security solutions. This research explores the techniques used and how to …
Dynamic Data Exchange (DDE) is a legitimate Microsoft Office feature that attackers exploit to execute arbitrary commands without requiring macro-enabled documents.
Microsoft HTML Application Host (mshta.exe) and other HTML interpreters can be leveraged by attackers to execute malicious scripts while evading traditional security controls.