The machine emulator has been abused in at least two different campaigns distributing ransomware and remote access tools.

The post Hackers Abuse QEMU for Defense Evasion appeared first on SecurityWeek.

moth // Introduction  One fateful night in June of 2022, Ethan sent a message to the crew: “Anyone know ways to fool Auditd on Linux? I’m trying to figure out how to change the auid (audit […]

The post Auditd Field Spoofing: Now You Auditd Me, Now You Auditdon’t appeared first on Black Hills Information Security, Inc..

Kyle Avery // Introduction This post compliments a presentation I gave at DEF CON 30 – “Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More,” which included the […]

The post Avoiding Memory Scanners appeared first on Black Hills Information Security, Inc..

Sally Vandeven // Evading anti-virus scanners has become a bit of a sport around BHIS.  When we do C2 testing for our customers we start with a host on the […]

The post Click to Enable Content appeared first on Black Hills Information Security, Inc..

Joff Thyer //   When performing a penetration of test of organizations with Windows desktops, many testers will now resort to using tools like Veil’s Powershell Empire in order to […]

The post Modifying Metasploit x64 template for AV evasion appeared first on Black Hills Information Security, Inc..