John Strand// It’s time for our annual anti virus bypass extravaganza. See why AV can’t be the end all be all solution to your security framework in 2018! And if you already know that but need to implement it? Invite your team! This is always a lot of fun! Slides available here: https://www.dropbox.com/s/96tkxyn4mif3syi/scct2018-Master.pptx?dl=0
John Strand with BHIS testers // Yes, we did this in 2017, but it’s reflecting work done in 2016.
Carrie Roberts // My current favorite exploit is creating malicious outlook rules as described here. The rule is configured to download an executable file with an EXE extension (.exe) when an email with a certain subject line is received. The executable establishes a command and control (C2) session with the attacker’s server. On a recent […]
