Introduction Building upon the last technique for bypassing AppLocker default rules, this blog post aims to add another technique for bypassing CLM and executing PowerShell code. As per Microsoft’s own definition: PowerShell Constrained Language is a language mode of PowerShell designed to support day-to-day administrative tasks, yet restrict access to Read more…
Introduction After establishing a foothold inside a corporate Windows environment, there’s a considerable chance for an adversary to encounter several defenses in place. This blog post aims on showcasing a technique for bypassing application control policies that can be employed through AppLocker. Application Control and Whitelisting Another mechanism commonly employed Read more…
Introduction This blog post aims on showcasing a technique for Windows local payload execution, in addition to evading Antivirus solutions. The What and Why Process Injection has been around for many years, however, it is still heavily used by APT groups and therefore for Adversary Simulation. Adversaries may inject code Read more…
Introduction Following up on the first part of the series, this blog post will expand and showcase techniques for initial access with client-side code execution. A technique that recently gained popularity is HTML Smuggling, which consists of storing a payload file in a JavaScript blob and delivered through a seemingly Read more…
Please note: the information and techniques described in the series are targeted at security enthusiasts and/or professionals for learning purposes and professional consultancy services. This does not, by any means, promote or incentivize the usage of the techniques for any cyber crime or illegal purposes. The author may not be Read more…