Our best in class red team can deliver a holistic cyber attack simulation to provide a true evaluation of your organisation’s cyber resilience.
Leverage the team behind the industry-leading Web Application and Mobile Hacker’s Handbook series.
MDSec’s penetration testing team is trusted by companies from the world’s leading technology firms to global financial institutions.
Our certified team work with customers at all stages of the Incident Response lifecycle through our range of proactive and reactive services.
Aug 3rd, 2022
Written by: Admin
ActiveBreach
Introduction In part one, we introduced generic approaches to performing threat hunting of C2 frameworks and then followed it up with practical examples against Cobalt Strike in part two. In…
Aug 2nd, 2022
Written by: Admin
ActiveBreach
Introduction Process enumeration is necessary prior to injecting shellcode or dumping memory. Threat actors tend to favour using CreateToolhelp32Snapshot with Process32First and Process32Next to gather a list of running processes….
Jul 25th, 2022
Written by: Admin
ActiveBreach
Cobalt Strike is one of the most popular command-and-control frameworks, favoured by red teams and threat actors alike. In this blog post we will discuss strategies that can be used…
Jul 22nd, 2022
Written by: Admin
ActiveBreach
Introduction Its no secret that MDSec provides a commercial command-and-control framework with a focus on evasion for covert operations. With this in mind, we are continuously performing on-going R&D in…
Jul 7th, 2022
Written by: Admin
ActiveBreach
Introduction During a recent engagement the team came up against an unfamiliar product, Altiris. Very little public research was available about Altiris, with a considerable lack of information regarding abusing…
May 17th, 2022
Written by: Admin
ActiveBreach
Introduction It’s been some months since our 0.1 release in December ‘21 and the development team have been working hard on new features, research and development, alongside bug fixes and…
Apr 19th, 2022
Written by: Admin
ActiveBreach
Introduction While developing new features for Nighthawk C2, we observed that NTDLL contains up to three internal tables with the Relative Virtual Address (RVA) of all system calls. Two of these…
Mar 29th, 2022
Written by: Admin
ActiveBreach
This blog post details several recently patched vulnerabilities in the Veeam Backup & Replication and Veeam Agent for Microsoft Windows. We’ll detail MDSec’s process for identifying these 1Day vulnerabilities, writing…
Jan 7th, 2022
Written by: Admin
ActiveBreach
Introduction Post-exploitation tooling designed to operate within mature environments is frequently required to slip past endpoint detection and response (EDR) software running on the target. EDR frequently operate by hooking…
Dec 16th, 2021
Written by: Admin
ActiveBreach
Introduction MDSec’s ActiveBreach red team operate in the some of the highest maturity environments, where a significant degree of in-memory and post-exploitation operational security is often required to counteract defensive…