Hunting injected processes by the modules they keep
A relatively recent post showed how Metasploit's Meterpreter module made some noise on endpoints when the migrate command was used to move the agent code into a legitimate process, spoolsv.exe in our example. One of the things we saw in that post was that when the agent migrates, it uses commonplace ...
Analyzing an Instance of Meterpreter’s Shellcode
In my previous post on detecting and investigating Meterpreter's Migrate functionality, I went down a rabbit hole on the initial PowerShell attack spawned by an Excel macro. In that payload was a bit of shellcode, and I mentioned that I'd like to return to it at some point in the ...
The last 1717 days
I mentioned on LinkedIn yesterday that I'm looking for a new role. For recruiters and interested parties, I thought I should provide some background about what I've been doing for the last four and a half years. I left Microsoft back in September of 2015. It was a difficult decision. I ...
Ode to Kasiski
00101110 00000000 00000110 00001101 00000011 00011000 00001101 01010100 00001000 00001101 00010010 00000001 00011000 00000111 00000001 00010110 01001101 00001110 00010010 01001001 00010111 00011011 00001000 01000001 00010111 00000001 00010101 00000101 00000100 00000110 01001001 00010111 00010110 00010101 00010101 01010100 00000001 00001011 01001101 00010101 00011100 00000000 00010000 01010011 00011101 00001110 00000111 00011100 01000101 00001110 00000000 00011010 01001001 00001111 ...
trustedsignal — blog 2019-04-19 08:46:00
I was recently reminded of Rear Admiral Grace Hopper's remark: "The most damaging phrase in the language is 'We've always done it this way!'" When I was in high school I was a lifeguard at a waterpark with a wave pool, water slides, a cave with a waterfall, a pair of monorails ...