Attacking #EDRs Part 4: #Fuzzing Defender's Scanning and Emulation Engine (mpengine.dll)

https://labs.infoguard.ch/posts/attacking_edr_part4_fuzzing_defender_scanning_and_emulation_engine/

Attacking EDRs Part 4: Fuzzing Defender's Scanning and Emulation Engine (mpengine.dll) - InfoGuard Labs

Multiple out-of-bounds read and null-pointer dereference bugs were identified in Microsoft Defender by snapshot fuzzing with WTF and kAFL/NYX. The bugs can be used to crash the main Defender process as soon as a file is scanned. Most are unpatched, but none appear exploitable for code execution.

InfoGuard Labs
Southern Water considers shipping supplies from Norwegian fjords to UK

Contingency plan using sea tankers to deal with future shortages would be paid for from customers’ bills

The Guardian
Bypassing major EDRs using Pool Party process injection techniques

Researchers devised a novel process-injection attack vector, dubbed Pool Party, that evades EDR solutions.

Security Affairs
EDR bypassing via memory manipulation techniques

Endpoint Detection & Response (EDR) systems, delivered by in-house teams or as part of a managed service, are a feature of modern intrusion detection and remediation operations. Their success is a problem for attackers, and malicious actors have worked to find new ways to evade EDR detection capabilities. As with all arms races, these approaches to evading detection are creative and effective. One of the primary methods used in modern attack frameworks, hands-on-keyboard operations and even malicious binaries revolves around memory manipulation.

Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL). Mangle can remove known Indicator-of-Compromise (IoC) strings and replace them with random characters, inflate the file size to avoid #edrs, and clone code-signing certificates from legitimate files. In doing so, Mangle helps loaders evade on-disk and in-memory scanners.
#infosec #cybersecurity #redteam

https://github.com/optiv/Mangle

GitHub - optiv/Mangle: Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs

GitHub
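Two of the three manipulations the post lists, size inflation and certificate cloning, leave traces in the PE file itself that an analyst can check in a few lines. The Go program below is an added example written for this page; it is not code from Mangle or from the post. It parses a PE with Go's standard `debug/pe` package and reports overlay bytes (data after the last section's raw data, which is where appended padding lands) and whether a certificate table (`IMAGE_DIRECTORY_ENTRY_SECURITY`) is present with a `WIN_CERTIFICATE.dwLength` consistent with the directory entry, which is where a copied signature would sit. The input is a constructed minimal PE32+ image built in code, not a real binary; `attachCertTable` appends a placeholder blob rather than a real PKCS#7 signature, inflation is modelled as appended zero bytes, and the type, function and constant names are the example's own. It does not verify the signature: a certificate table copied from another file fails Authenticode verification because the hash embedded in the signature does not match the file, and that verification remains the stronger check.

```go
package main

import (
	"bytes"
	"debug/pe"
	"encoding/binary"
	"fmt"
)

const dirSecurity = 4 // IMAGE_DIRECTORY_ENTRY_SECURITY
// PEArtifacts holds the two on-disk traces of the manipulations described above.
type PEArtifacts struct {
	LastSectionEnd uint32 // file offset where the last section's raw data ends
	OverlayBytes   uint32 // bytes after that point, excluding the certificate table
	HasCertTable   bool   // IMAGE_DIRECTORY_ENTRY_SECURITY is populated
	CertLenMatches bool   // WIN_CERTIFICATE.dwLength equals the directory Size
}

// analyzePE reports the artifacts of an in-memory PE32/PE32+ image; it does not verify the signature.
func analyzePE(img []byte) (PEArtifacts, error) {
	var a PEArtifacts
	f, err := pe.NewFile(bytes.NewReader(img))
	if err != nil {
		return a, err
	}
	for _, s := range f.Sections {
		if end := s.Offset + s.Size; end > a.LastSectionEnd {
			a.LastSectionEnd = end
		}
	}
	var dd [16]pe.DataDirectory // stays zero if the optional header is absent
	switch oh := f.OptionalHeader.(type) {
	case *pe.OptionalHeader64:
		dd = oh.DataDirectory
	case *pe.OptionalHeader32:
		dd = oh.DataDirectory
	}
	fileLen := uint32(len(img))
	if fileLen > a.LastSectionEnd { // a truncated image would otherwise underflow
		a.OverlayBytes = fileLen - a.LastSectionEnd
	}
	// For the security directory, VirtualAddress is a raw file offset, not an RVA.
	if sec := dd[dirSecurity]; sec.VirtualAddress != 0 && sec.Size >= 8 {
		a.HasCertTable = true
		if sec.Size <= fileLen && sec.VirtualAddress >= a.LastSectionEnd && sec.VirtualAddress <= fileLen-sec.Size {
			// WIN_CERTIFICATE header: dwLength(4) wRevision(2) wCertificateType(2)
			a.CertLenMatches = binary.LittleEndian.Uint32(img[sec.VirtualAddress:]) == sec.Size
			a.OverlayBytes -= sec.Size // a signature legitimately lives in the overlay
		}
	}
	return a, nil
}

// buildMinimalPE64 returns a constructed, non-runnable PE32+ image with one section ending at EOF (no overlay).
func buildMinimalPE64() []byte {
	const peOff, rawOff, rawSize = 0x80, 0x200, 0x200
	img := make([]byte, rawOff+rawSize)
	copy(img, "MZ")
	binary.LittleEndian.PutUint32(img[0x3c:], peOff) // e_lfanew
	copy(img[peOff:], "PE\x00\x00")
	fh := img[peOff+4:]                           // IMAGE_FILE_HEADER
	binary.LittleEndian.PutUint16(fh[0:], 0x8664) // Machine = AMD64
	binary.LittleEndian.PutUint16(fh[2:], 1)      // NumberOfSections
	binary.LittleEndian.PutUint16(fh[16:], 240)   // SizeOfOptionalHeader (PE32+)
	oh := fh[20:]                                 // IMAGE_OPTIONAL_HEADER64
	binary.LittleEndian.PutUint16(oh[0:], 0x20b)  // Magic = PE32+
	binary.LittleEndian.PutUint32(oh[108:], 16)   // NumberOfRvaAndSizes
	sh := oh[240:]                                // first IMAGE_SECTION_HEADER
	copy(sh, ".text")
	binary.LittleEndian.PutUint32(sh[8:], rawSize)  // VirtualSize
	binary.LittleEndian.PutUint32(sh[12:], 0x1000)  // VirtualAddress
	binary.LittleEndian.PutUint32(sh[16:], rawSize) // SizeOfRawData
	binary.LittleEndian.PutUint32(sh[20:], rawOff)  // PointerToRawData
	return img
}

// attachCertTable appends a WIN_CERTIFICATE wrapping body and points the security directory at it,
// which is where a copied signature ends up. body is constructed filler, not real PKCS#7. PE32+ only.
func attachCertTable(img, body []byte) []byte {
	img = append(img, make([]byte, (8-len(img)%8)%8)...) // table is 8-byte aligned
	off, total := uint32(len(img)), uint32(8+len(body))
	img = binary.LittleEndian.AppendUint32(img, total)  // dwLength
	img = binary.LittleEndian.AppendUint16(img, 0x0200) // wRevision = WIN_CERT_REVISION_2_0
	img = binary.LittleEndian.AppendUint16(img, 0x0002) // wCertificateType = PKCS_SIGNED_DATA
	img = append(img, body...)
	// DataDirectory[4] sits at optional-header offset 112 + 4*8 in a PE32+ image.
	dd := binary.LittleEndian.Uint32(img[0x3c:]) + 4 + 20 + 112 + dirSecurity*8
	binary.LittleEndian.PutUint32(img[dd:], off)
	binary.LittleEndian.PutUint32(img[dd+4:], total)
	return img
}

func main() {
	clean := buildMinimalPE64()
	signed := attachCertTable(append(clean, make([]byte, 4096)...), bytes.Repeat([]byte{0xAA}, 24))
	for _, img := range [][]byte{clean, append(clean, make([]byte, 1<<20)...), signed} {
		fmt.Println(analyzePE(img))
	}
}
```

Running it prints one report each for the clean image (no overlay, no certificate table), the inflated image (1 MiB of overlay) and the inflated image with a certificate table (4096 bytes of overlay once the table is excluded, with a consistent `dwLength`). On real samples an overlay is not proof of anything by itself, since installers and signed binaries carry one legitimately; the useful signal is an overlay that is large, or that sits after the certificate table, and a certificate table that does not verify against the file. The IoC string replacement the post also mentions leaves no header-level trace and has to be found by content comparison instead.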

#offensivesecurity #ChatGPT #csharp #pentesting #redteaming

As I said years ago, C# #programming and #csharp #Offensive code is really good for #bypassing #Antiviruses and #EDRs, and modern #malwares will use C# code, because antivirus companies still focus more on C/C++ code than on other code like C#. C# in-memory attacks were also a really successful experience against antiviruses (those days, even these days ;D). Now we see a lot of #pentesting courses via C# programming and a lot of #redteaming C# code, offensive C# code and courses, because pentesters and red teamers really know what they can do with C# in Win7, 10, 11 etc., so this will continue.
But some "beginner" pentesters/red teamers think C# is not useful for making offensive code, which is a "wrong mindset".

I can explain why C# offensive programming is really useful and good for pentesters/red teamers etc., for example how you can use Windows #API programming to #bypass AVs/EDRs, how you can use .NET features for compiling code in memory for bypassing AVs, why C# code is still not a top priority for detection by AVs, and a lot of #methods and #techniques which are #unique to .NET and C# and which you do not have in C/C++, very simply, and ...

But

For explaining these C#/.NET features "step-by-step with details", I use "ChatGPT" to explain it much better for you.
So I + "ChatGPT" made our first video together for all of you to "explain the technical details" of why C# is one of the top languages for #offensive programming .... ;D👇

Those cyber security guys who call themselves #pentester or #Redteamer or #SecurityResearcher "just because" they are in university (learning something as [basics ;D more often] or academic things or out-of-date things ;D) and who "did not have any experience" in cyber security fields (even 1 year), and some of them did not even have any good/unique/new cyber security research or tools/code (shared to the public before).
And yeah, we call them beginner "geniuses" in cyber security lol

Vs

Those cyber security guys who have at least 3-5 years of experience learning real/new/unique things in these fields like #penetrationtesting or #redteaming or #securityresearch.

Believe me, your academic things are "Bullshit" and your instructors did not have updated content; they don't even have a good viewpoint on cyber security fields like penetration testing or ..., more often they don't have any experience of working with offensive tools like modern C2 servers, they don't know how you can write offensive code like writing a #C2 server/agent (and why you should do that), or they don't know how you can write offensive code for bypassing #avs or #EDRs or #bypassing other things ... You don't know about these things, or a lot of other things, which you should learn outside of university "by yourself".

You can learn these things from #infosec #communities (by reading articles or learning from courses shared publicly or privately by #SecurityResearchers and #Pentesters or #redteamers or #blueteamers), and you need at least 2-3 years of experience to learn these new things.

Some guys think if you know all the tools in Kali Linux then you can call yourself a #Pentester or red teamer, which is not true, "geniuses".
Penetration testing is not about tools, it's about the background "concepts" of tools, omfg "remember this". (It's about the logic behind tools.)