Blog

Spray 365: A New Twist on Office 365 Password Spraying

Posted by Mark Hedrick on December 10, 2021

TL;DR: The current state of password spraying against Office 365 accounts could benefit from new approaches to bypassing Azure AD conditional access policies and from other techniques that make password spraying difficult to detect. Built with Python 3 using Microsoft's Authentication Library (MSAL), Spray365 makes password spraying more effective by identifying insecure conditional access policies and allows for randomized password spraying...

Classic API Unhooking to Bypass EDR Solutions

Posted by Brendan Ortiz on November 29, 2021

Intro: This blog post covers the classic technique used to unhook Windows APIs from EDR solutions. API hooking is a technique used by anti-virus and EDR solutions to monitor process and code behavior in real time. Commonly, EDR solutions will hook Windows APIs in NTDLL.dll because the APIs in the NTDLL.dll...

Reflective DLL Injection in C++

Posted by Brendan Ortiz on October 31, 2021

TL;DR: Implant with our encrypted DLL -> allocates memory for the DLL -> puts the decrypted DLL into that memory space -> finds the offset of the exported ReflectiveLoader function in the DLL -> calls the ReflectiveLoader function -> ReflectiveLoader searches backward for the start of the DLL in memory -> allocates a...
