Just a simple Red Teamer here for the InfoSec news

BYOVD: Leveraging Raw Disk Reads to Bypass EDR

Interesting write-up on using vulnerable drivers to read the raw disk of a Windows system and extract files without ever touching those files directly. This subsequently allows the reading of sensitive files, such as the SAM hive, SYSTEM hive, and NTDS.dit, while also completely avoiding detection from EDR.

#cybersecurity #infosec #hacking #malware #redteam

https://medium.com/workday-engineering/leveraging-raw-disk-reads-to-bypass-edr-f145838b0e6d

Walkthrough showcasing how the EvilSlackbot #redteam framework can be used to send simulated phishing messages and malicious files, and to exfiltrate leaked secrets from Slack workspaces.
https://drew-sec.github.io/EvilSlackbot/
#cybersecurity #pentesting #cybersec #phish #hacking

EvilSlackbot: A Slack Attack Framework

EvilSlackbot: A Slack Attack Framework. Use this tool for red teaming and conducting phishing simulations within Slack workspaces. Send spoofed messages, phishing links, and files, and search Slack for leaked secrets.
https://github.com/Drew-Sec/EvilSlackbot
#cybersecurity #redteam #infosec #pentesting #hacking

Check out this new phishing technique using Google Calendar and Evilginx to deliver a malicious Zoom link.

#redteam #infosec #cybersecurity #pentesting
https://drew-sec.github.io