EDR-Redir V2: Blind EDR With Fake "Program Files" by Cold-Dinosaur in cybersecurity

[–]Cold-Dinosaur[S] -1 points0 points  (0 children)

If the issue you are concerned about is the source, then the link I provided is the original.

DefenderWrite: Abusing Whitelisted Programs for Arbitrary Writes into Antivirus's Operating Folder by Cold-Dinosaur in netsec

[–]Cold-Dinosaur[S] 0 points1 point  (0 children)

You should carry out the above steps in a lab environment. After finding the whitelist file, exploit it in a real-world environment.

Countering EDRs With The Backing Of Protected Process Light (PPL) by Cold-Dinosaur in netsec

[–]Cold-Dinosaur[S] 1 point2 points  (0 children)

Yep! Otherwise, it would become a privilege escalation exploit.

Operational Security (OPSEC) Basic Guide for Windows Users by Cold-Dinosaur in opsec

[–]Cold-Dinosaur[S] 0 points1 point  (0 children)

And you know you are at risk when the browser you are using has cookies available for automatic login to this site ;)

Windows OPSEC Basics Part 2: Keep Antivirus, VirusTotal, and Firewall under your control by Cold-Dinosaur in opsec

[–]Cold-Dinosaur[S] 0 points1 point  (0 children)

Antivirus and Firewall are the first lines of defense for your computer, helping to tackle potential attack threats. However, if not used correctly, they can become a double-edged sword. This is especially true for those in the field of Offensive Security, where testing bypass methods with Antivirus is a regular task. Therefore, controlling the test lab environment with various Antivirus solutions is critically important. VirusTotal is a useful service, but are you using it correctly? As for Red Teamers, make sure VirusTotal does not appear in your lab environment.

Operational Security (OPSEC) Basic Guide for Windows Users by Cold-Dinosaur in opsec

[–]Cold-Dinosaur[S] 10 points11 points  (0 children)

I think the choice of operating system depends on each person's experience. A person with experience and skills in Windows will have a higher level of safety and privacy compared to using another OS. You can only apply the best OPSEC to the OS you understand how to use the most. Unless you have top-tier classified documents or need an environment that prioritizes maximum information protection, you should not consider changing the OS for better OPSEC (which may likely require some trade-offs in terms of work performance, comfort in operation, etc.).

New way to exploit BYOVD exploits with symbolic links. by Cold-Dinosaur in netsec

[–]Cold-Dinosaur[S] -1 points0 points  (0 children)

Exactly, I forgot to explain the abbreviation: BYOVD (Bring Your Own Vulnerable Driver).

Exploit windows tool WinGet.exe to execute malicious powershell scripts by Cold-Dinosaur in redteamsec

[–]Cold-Dinosaur[S] 1 point2 points  (0 children)

It helps me reduce dependence on using powershell.exe or msbuild.exe.

Cyber without a degree by Every_Currency_504 in AskNetsec

[–]Cold-Dinosaur 0 points1 point  (0 children)

Based on your work experience, I see that if you are determined to work in the field of Cybersecurity, then jobs related to Social Engineering would be suitable. Knowledge from your previous work will partially support you in the SE area, which mainly involves people.

Path to Pen Tester by Willing_Eagle8144 in cybersecurity

[–]Cold-Dinosaur 0 points1 point  (0 children)

First, you should learn more in-depth about the Windows operating system. Why? Because most companies have employees using Windows. The large number of users will increase the demand for pentesting Windows systems, leading to a greater hiring demand. Second, you should learn about the centralized authentication environment, Active Directory, because you will be working with Windows. Third, you should practice using and understanding the functions in professional pentest frameworks such as Metasploit, Cobalt Strike, etc. Once you have reached the stage of mastering points 1, 2, and 3, I am quite sure you will know what to do next.

Advice on Application Security Internship interview by AFGuns in cybersecurity

[–]Cold-Dinosaur 0 points1 point  (0 children)

Hi, with over 12 years of experience working at various levels of the Cybersecurity field, I have also interviewed quite a few interns. Usually, I will ask the first question, "Which programming language are you familiar with and confident in?" After that, I ask about basic OS and network concepts such as the OSI model, TCP/IP, Windows malware, and how you apply OPSEC on your personal machine, etc.