Dec0ne Blog
Technical Notes of a Red Teamer
https://dec0ne.github.io/

It's all in the details: The curious case of an lsass dumper gone undetected
Let me first start by saying I will not be revealing in this post any novel techniques or new research that hasn't been seen before. I will, however, reveal my own methodology when it comes to finding gaps in EDRs' visibility in order to bypass detection. I will do so...
Mon, 14 Nov 2022 00:00:00 -0800
https://dec0ne.github.io/2022-11-14-Undetected-Lsass-Dump-Workflow/

DLL Proxying in the Tele-Conferencing Age
Ever since the whole covid-19 situation there has been a growth in the usage of tele-conferencing software such as Zoom, Microsoft Teams, Cisco WebEx and more. A lot of companies had to implement at least one of those software solutions into their infrastructure in order to accommodate the new way...
Mon, 26 Apr 2021 00:00:00 -0700
https://dec0ne.github.io/2021-04-26-DLL-Proxying-pt1/

Cool way to OSINT your targets - My own Recon-ng implementation
Hey guys, this is gonna be a quick post on a cool project I've been working on. I take a class on Pentesting (HDE by See-Security) and my instructor gave us a project to complete. The project was to create a python program that, when given a company name, does the...
Tue, 19 Nov 2019 00:00:00 -0800
https://dec0ne.github.io/2019-11-19-Recon-ng-Modules-Post/

Execute any "evil" Powershell code by bypassing AMSI
Powershell can be a powerful tool during the post-exploitation phase of our engagements. It packs a lot of native tools that can help us enumerate further beyond our initial foothold and onto the rest of the AD network. Probably one of the best advantages of Powershell is having access to...
Fri, 08 Nov 2019 00:00:00 -0800
https://dec0ne.github.io/2019-11-08-Amsi-bypass-post/