Huge thanks to Keith and The Haag™ for their help in getting this set up. Super excited to have Atomic Red Team in impede.ai

Carrie Roberts is teaching another run of her Pay-What-You-Can class, 'MITRE ATT&CK Framework and Tools,' March 5, 12-4 p.m. ET! Details and registration here: antisyphontraining.com/event/mitre-at…

Another Anti-Dote Rx is ready for pickup --- Search PowerShell History and Repeat Commands with Ctrl+R and Ctrl+S | Carrie Roberts
youtube.com/watch?utm_camp…

Be sure to check out Carrie's class, 'PowerShell for InfoSec: What You Need to Know!' → antisyphontraining.com/on-demand-cour…

As always, The DFIR Report brings receipts. Great thread on an unusually well-documented script full of capabilities.

DarkGate emerged as the #6 threat in our Intelligence Insights last month. Our Intel team identified a detection opportunity for this new malware-as-a-service (MaaS). Read more: redcanary.com/blog/intellige…

🛠️ Dive into our latest #LOLDrivers article where we unveil the meticulous process of adding a bulk of drivers, inspired by the excellent research from Takahiro Haruyama 🧵 blogs.vmware.com/security/2023/…

Big shoutout to: Takahiro Haruyama, Florian Roth, Nasreddine Bencherchali, and Jose Enrique Hernandez!

🔗 And…

Carrie Roberts How well, overall, would you say virtualization works on the M chips at this point?

I've just released the next edition of the On Detection series. I investigate why detection rules based on Process Creation are often brittle or easily bypassed. I also provide a framework for discerning when it is appropriate and when it isn't.
posts.specterops.io/on-detection-t…

VMware Fusion now supports copy/paste between host and guest on the M1/M2 Macs (ARM). This makes me very happy!

Come join us for some exciting updates to Atomic Red Team testing. Webcast is Oct 30th!

Hands down my favorite conference of the year.

As Matthew Toussain said, it's more hugs than handshakes here.

Atomic Spotlight: 'Office Test' Registry Key for Persistence #AtomicSpotlight #AtomicRedTeam Red Canary Antisyphon Training youtube.com/live/zWGrdC5G4…

This is a great opportunity to work with an awesome team! And the salary is competitive as well. Check it out!

Atomic Spotlight: Persistent Code Execution with Office Addins #AtomicSpotlight #AtomicRedTeam Red Canary Antisyphon Training youtube.com/live/8_QK287pf…

Today's Anti-Dote Rx: PowerShell: Where Do Those Magic Variables Come From? with Carrie Roberts ! youtube.com/watch?utm_camp…

Be sure to check out Carrie's On-Demand class, 'PowerShell for InfoSec: What You Need to Know!': antisyphontraining.com/on-demand-cour…

Atomic Spotlight: Malware Blocking Execution with 'DisallowRun' Registry Key #AtomicSpotlight #AtomicRedTeam Red Canary Antisyphon Training youtube.com/live/h0aa3QT85…

Atomic Spotlight: LSA Protection, Good ol' Mimikatz, and Wdigest #AtomicSpotlight #AtomicRedTeam Red Canary Antisyphon Training youtube.com/live/QJC2zBi29…

Atomic Spotlight: Execute PowerShell Code From DNS Text Records #AtomicSpotlight #AtomicRedTeam Red Canary Antisyphon Training youtube.com/live/-af9BqH4t…