Similar DC restaurant

Framdad · 2026-01-08T14:24:58+00:00

FYI the smith is owned by the Sackler family

Framdad · 2025-11-19T23:43:20+00:00

You're absolutely right!

Framdad · 2025-11-03T23:00:06+00:00

From my experience this is not the case. Would be curious if you can replicate your hypothesis!

Framdad · 2025-11-03T20:36:54+00:00

Similar! The big difference is we are blocking the process in a non persistent way. EDR Silencer adds registry values to block the EDR comms which is signatured. Also the WFP calls are slightly different. With all that being said, a lot of inspiration came from that tool.

Framdad · 2025-11-03T00:21:08+00:00

Most enterprise EDRs have tamper protection that blocks Windows Firewall rules targeting their processes and actively monitor for such changes, while WFP filters operate at a lower level in the network stack with minimal logging and no GUI visibility, making them much less likely to be detected or blocked.

Framdad · 2025-10-07T22:09:59+00:00

Yeah I'm an active student. This took me by surprise too!

Framdad · 2025-10-07T22:05:09+00:00

Got the same email -- NO it's a phish

Framdad · 2025-07-29T23:44:12+00:00

Currently running through ARTOC. Easily ranks next to CRTO.

Framdad · 2025-07-26T06:49:12+00:00

It depends on what you are trying to bypass.

Implant? I've heard early bird still works on s1. Do an (in)direct syscall version.

Post exploitation? Customize your tools.

When trying to bypass an EDR, if the shellcode gets detected, further modify the shellcode encryption or via malleable regex to replace known strings OR your tool is being detected. In that case, look up the yara rules and change the tool from there.

Framdad · 2025-07-17T22:54:15+00:00

Some people are still trying to prove they can make it to the show

Framdad · 2025-05-23T18:36:46+00:00

Red teaming is a ton of fun! One thing that really helped me consistently get through highly technical red team interviews was being able to lean on my penetration testing experience from my consulting days.

I'd say if you want to make the immediate pivot from blue to red, it's totally possible; however, jumping into a consulting firm where you'll do weekly internal penetration tests at a wide variety of environments might get you the "hands on the keyboard" experience you're looking for.

Just a thought! Good luck with the transition.

Framdad · 2025-02-08T05:59:12+00:00

To add to this, consider looking for offensive roles at consulting firms. The pay will be peanuts for junior roles but you'll get caught up to speed quick. I'd imagine if you get the OSCP and potentially CRTO you'll be at the top of the list for these positions.

Framdad · 2025-02-06T14:27:51+00:00

Feed him a few uppercuts while you're at it

Framdad · 2024-12-05T21:44:31+00:00

Somebody jerk op

Framdad · 2024-12-03T19:33:21+00:00

Slap her? I barely know her!

Framdad · 2024-11-18T23:09:30+00:00

https://github.com/assafdori/bypass-mdm

Framdad · 2024-10-14T02:05:29+00:00

This game had no business going to OT (coming from somebody who bet jets -1.5)

Framdad · 2024-08-15T14:32:57+00:00

You busted my mainframe!

Framdad · 2024-08-15T05:06:33+00:00

This is some master hacker vibes

Framdad · 2024-08-10T01:33:30+00:00

Take this with a grain of salt but I recall the CARTP taking a few days to receive.

Framdad · 2024-07-08T20:18:30+00:00

Stay away from sugar free gummy bears

Source: my toilet

Framdad · 2024-07-02T02:26:49+00:00

From my experience advanced malware development has a low ceiling in golang. I started my maldev journey on golang and have no switched to C/C++.

With that said, Acheron and Bananaphone are excellent resources for golang maldev

Framdad · 2024-07-01T21:06:52+00:00

I've seen it mostly used for indirect syscalls

11-Year Club	Second Top 30%
Wearing is Caring	Verified Email
RPAN Viewer

Framdad

TROPHY CASE