Congratulations, You’ve Won a Meterpreter Shell

Congratulations, You’ve Won a Meterpreter Shell

Posted by Josh Stroschein, Ratnesh Pandey and Alex Holland. For an attack to succeed undetected, attackers need to limit the creation of file and network artifacts by their malware. In this post, we analyse an attack that illustrates two popular tactics to evade detection: Avoiding saving file artifacts to disk ... Read More
Ursnif infection chain Bromium blog

Tricks and COMfoolery: How Ursnif Evades Detection

Ursnif is one of the main threats that is effectively evading detection right now (at publication) The dropper uses a COM technique to hide its process parentage WMI is used to bypass a Windows Defender attack surface reduction rule Fast evolution of delivery servers means detection tools are left in ... Read More