Blog: Behind the Mask: Spoofing Call Stacks Dynamically with Timers
This blog introduces a PoC technique for spoofing call stacks using timers. Prior to our implant sleeping, we can queue up timers to overwrite its

Blog: Cobalt Strike and YARA: Can I Have Your Signature?
Over the past few years, there has been a massive proliferation of YARA signatures for Beacon. We know from conversations with our customers that this

Blog: Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM
This is a joint blog written by William Burgess (@joehowwolf) and Henri Nurmi (@HenriNurmi). In our ‘Cobalt Strike and YARA: Can I Have Your Signature?’