Yearly Archives: 2023

very simple modifications to a Meterpreter shellcode dropper can be sufficient to bypass modern EDRs

Introduction When I talk about EDRs in this article, I mean a combination of endpoint protection (EPP) and endpoint detection and response (EDR). I also want to define the term “evasion” in the context of EDRs and malware. When I talk about the fact that it is or has been …

Read More »

Inspect RDP traffic in Wireshark

Wireshark RDP resources Looking for a way to capture and inspect RDP traffic in Wireshark? You’ve come to the right place! SSLKEYLOGFILE Many applications, including browsers, support the SSLKEYLOGFILE environment variable with a path to a text file where TLS pre-master secrets are dumped. This format is supported by Wireshark …

Read More »