COFFLoader: Building your own in memory loader or how to run BOFs

February 22, 2021
Intro Have you heard of the new Beacon Object File (BOF) hotness? Have you ever thought that you should be able to run those outside of Cobalt Strike? Well, if that’s the case, you came to the right place. In this post, we’ll go through the basic steps of understanding and building an in-memory loader...

SELinux and Auditd

January 7, 2020
In this blog post, I will discuss SELinux and Auditd, how to use them, how to determine what the default policies are doing, and how to add new ones. For those who do not know what SELinux is, it stands for Security-Enhanced Linux. More details about SELinux can be found in the resources section at...
In-Memory Injection graphic

Linux: How’s My Memory

September 18, 2018
Windows in-memory injection is commonplace in current toolsets, there are quite a few methods to do it, and most of them are documented pretty well. Linux in-memory injection is essentially the same, however, not seen in toolsets quite as much. That is why, for this post, I am going to cover four different open-source methods...
close up of penguin

Malware: Linux, Mac, Windows, Oh My!

April 26, 2018
While going through APT write-ups, I’ve been noticing a lot of focus on detecting Windows malware, so we will skip over that. One thing that I haven’t seen much of online, though, is how to hunt for adversaries on Linux systems. For that reason, this blog post will be all about how you can look...
TrustedSec Blogs + Articles logo

Welcome to 2018! A Meltdown and Spectre Run-Through

January 6, 2018
Welcome to 2018! It’s only been a few days into the new year and we already have newly named bugs, thanks to the Google Project Zero, Cyberus Technology, and the Graz University of Technology. Jann Horn, Werner Haas, Thomas Prescher, Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz...
  • Browse by Category

  • Clear Form