Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM

This is a joint blog written by William Burgess (@joehowwolf) and Henri Nurmi (@HenriNurmi). In our ‘Cobalt Strike and YARA: Can I Have Your Signature?’ blog post, we highlighted that the sleep mask is a common target for in-memory YARA signatures. In that post we recommended using the evasive sleep mask option to scramble the …
