Technical

Ibai Castells explains how moving from high level Windows APIs to lower level syscall usage alters what EDRs observe. It outlines the trade offs and gives non-actionable guidance for defenders on telemetry and mitigation.

Dimly lit computer in a dark room, evoking hidden threats and reduced visibility.

Why So Syscalls? BOF Edition

Ibai Castells explains how moving from high level Windows APIs to lower level syscall usage alters what EDRs observe. It…
Classic vs Passthrough path to choose

Cobalt Strike External C2 Passthrough Guide

Cobalt Strike’s passthrough mode reshapes how red teams use External C2. By taking control of shellcode staging and custom channels,…