隠者 Inja Security
隠者 Inja Security
  • Home
  • ~$ whoami

August 2023

Defense Evasion

Bypassing PowerShell CLM with Custom Runspaces

Introduction Building upon the last technique for bypassing AppLocker default rules, this blog post aims to add another technique for bypassing CLM and executing PowerShell code. As per Microsoft’s own definition: PowerShell Constrained Language is a language mode of PowerShell designed to support day-to-day administrative tasks, yet restrict access to Read more…

By Matheus Boschetti, 2 yearsAugust 24, 2023 ago
Defense Evasion

Striking Blue: Picking Digital Lockers

Introduction After establishing a foothold inside a corporate Windows environment, there’s a considerable chance for an adversary to encounter several defenses in place. This blog post aims on showcasing a technique for bypassing application control policies that can be employed through AppLocker. Application Control and Whitelisting Another mechanism commonly employed Read more…

By Matheus Boschetti, 2 yearsAugust 20, 2023 ago
Defense Evasion

Leveraging Process Injection for AV Evasion

Introduction This blog post aims on showcasing a technique for Windows local payload execution, in addition to evading Antivirus solutions. The What and Why Process Injection has been around for many years, however, it is still heavily used by APT groups and therefore for Adversary Simulation. Adversaries may inject code Read more…

By Matheus Boschetti, 2 years ago

Recent Posts

  • CVE-2024-29320: SQL Injection in Wallos
  • CVE-2024-27613: Arbitrary File Manipulation in Numbas
  • Bypassing PowerShell CLM with Custom Runspaces
  • Striking Blue: Picking Digital Lockers
  • Leveraging Process Injection for AV Evasion

Archive

  • April 2024
  • March 2024
  • August 2023
  • July 2023
  • June 2023
  • January 2023
  • October 2022
  • July 2022
  • April 2022
  • February 2022

Categories

  • Application Security
  • Binary Exploitation
  • Certification Review
  • Defense Evasion
  • Malware Development
  • Open Source Software (OSS)
  • Phishing
  • Red Team
  • Security Research
  • ~$ whoami
Hestia | Developed by ThemeIsle