#CobaltStrike hunting tip of the week:

#PEsieve by hasherezade can oftentimes extract CS implants and loader shellcode directly from memory (depending, of course, on code injection methods). Try this out during investigations into suspect processes!

New #PEsieve / #HollowsHunter (v0.3.9): github.com/hasherezade/pe… & github.com/hasherezade/ho… - now you can search for your own signatures in memory. Details: github.com/hasherezade/pe…. Check it out!

New #PEsieve / #HollowsHunter (v0.3.5): github.com/hasherezade/pe… & github.com/hasherezade/ho… - with some bugfixes & improvements. Check it out!

We're excited to introduce hasherezade will be a Speaker at #SCSconference . She will sharing of knowledge about #PEsieve tool this year’s edition taking place on 13-14 September 2018, Warsaw, Poland.

u ever seen a pesieve scan take this long?

'Bypassing PESieve and Moneta' - by waldoirc🔥
➡️arashparsa.com/bypassing-pesi…
#redteam #blueteam #ThreatHunting #DFIR #malware

pesieve : An Opensource scanner for hunting & unpacking Malware : drive.google.com/file/d/1pIjYzn… (Slides) cc hasherezade

AVG AntiVirus doesn't hook that many APIs. This doesn't make me feel safe 🤮

-Hooks functions invocations via SetWindowsHookEx (No App_Init presence), loads aswhook.dll
-Flags #PEsieve as malware 😭
-List of *some hooked APIs: pastebin.com/khu8DkUM

🤔

Bypassing PESieve and Moneta (The 'easy' way....?) arashparsa.com/bypassing-pesi… #Pentesting #CyberSecurity #Infosec

In the meanwhile in #PEsieve / #HollowsHunter : refactored to use a new sig_finder (github.com/hasherezade/si…) , which gives an improved performance, and ability to load signatures with wildcards. Soon you will be able to add your own signatures for memory scans 🙂

Na #SCSconference hasherezade o ⚡️ #PEsieve jako przykład narzędzia wykrywającego hooking i implanty kodu.
#SCS2018 #casestudy

Since releasing malmemdetect and providing a list of IOCs i feel more comfortable releasing this. github.com/waldo-irc/YouM…

This is a project implementation of x64 gargoyle and sRDI to bypass PeSieve and Moneta in memory as threads. It’s stable, blog post after shmoo.

📢 New Release Alert!

#PEsieve 0.2.6 - bit.ly/pesieve
#HollowsHunter v0.2.6 - bit.ly/hollowshunter

New releases now support scanning for #IAT #hooks !

Wanna learn #Windows #Malware Analysis? Check out hasherezade at #Ringzer0 🔥 bit.ly/ringzero-windo…

New LOKI v0.27.0
> changed log format in TEXT and SYSLOG output to allow you the collection and analysis of LOKI logs in THOR APT Scanner's Splunk App
> PESieve check skipped on WinXP
github.com/Neo23x0/Loki/r…

#SharedLinks - Bypassing PESieve and Moneta (The 'easy' way....?) - bit.ly/3F9BPIG

😭 F-Secure Labs also flags #PEsieve as malware

RT hasherezade: The last #PEsieve (github.com/hasherezade/pe…) and #HollowsHunter (github.com/hasherezade/ho…) this year! (v0.2.4) - some improvements & many important fixes, so please don't miss it.

a new function in #PEsieve API is available - more info: github.com/hasherezade/pe…

Nuevo #PEsieve / #HollowsHunter (v0.3.8) .

Boris Johnson you allowed promoted using outside. I and many suffering ? I know you pesieve social housin residents as rubbish. Sick disabled autistic end of life live steps from hell Druid st beer mile 47 licensed hell holes l😢drunks been assaulted knock ? businesses awful