Posts about HTA

Attack Detection Fundamentals 2021: Windows - Lab #1

This article details a cybersecurity workshop demonstrating advanced Windows endpoint attack techniques for initial access. It walks through an HTA-based attack that drops a DLL and uses registration-free COM activation to execute a malicious payload. The payload combines shellcode injection, AMSI bypassing, and process injection techniques targeting Windows endpoints.

Attack Detection Fundamentals 2021: Windows - Lab #2

This article explores advanced defense evasion techniques in Windows cybersecurity, focusing on API unhooking and ETW bypassing. The lab demonstrates methods attackers can use to minimize their detection footprint during endpoint attacks, such as removing API hooks and disabling event tracing. Techniques include intercepting API calls, unhooking ntdll.dll, and manipulating .NET runtime event tracing to avoid security monitoring.

Attack Detection Fundamentals: Initial Access - Lab #2

This article explores attack detection techniques for initial access using the Koadic post-exploitation framework deployed via an HTA file. The lab focuses on identifying suspicious process and network connection relationships using Sysmon event logs. Key objectives include detecting anomalous binaries and network connections as potential indicators of compromise.

Attack Detection Fundamentals: Initial Access - Lab #3

This article details a multi-stage initial access technique used by the Cobalt Kitty group, starting from a malicious Word macro. The macro creates a scheduled task that executes an obfuscated PowerShell payload, which ultimately injects a Cobalt Strike beacon into memory. The walkthrough covers each step of building the beacon delivery chain and highlights detection opportunities at each stage.