TTPwire Vol. 1 · MITRE ATT&CK · Tagged


Black Hills InfoSec

Red Teaming: A Story From the Trenches

BHIS · 2024-04-18

ATT&CK techniques detected

4 predictions
T1218.010 Regsvr32
97%
“A lot of the current application allowlisting bypasses that are fairly widely published now were not really public knowledge. As I was researching around the internet for application allowlisting bypasses, I came across a few Twitter posts from @subtee and, having encountered so…”
T1059.004 Unix Shell
57%
“…attempt to interpret any form of script. Instead, the attack read the required shellcode from a file or web server and directly executed base64-encoded shellcode contained within that file or URL. After we tested and ensured that the custom malware would successfully evade the…”
T1204.002 Malicious File
52%
“…aka threat actor) had just run in the door and dropped a malware payload, only to exit stage left and somehow completely avoid revealing his purpose by virtue of lucky timing?! As was also discovered later, it was fortuitous that Ethan even found an unoccupied workstation withou…”
T1055.001 Dynamic-link Library Injection
43%
“Red Teaming: A Story From the Trenches. Security consultant, malware researcher, new technology researcher evangelist. This article originally featured in the very first issue of our PROMPT# zine — Choose Wisely. You can find that issue (…”

Summary

This article originally featured in the very first issue of our PROMPT# zine — Choose Wisely. You can find that issue (and all the others) here: https://www.blackhillsinfosec.com/prompt-zine/ I remember a […]

The post Red Teaming: A Story From the Trenches appeared first on Black Hills Information Security, Inc.