https://www.borasec.net/research daily 0.75 2025-06-11 https://www.borasec.net/research/0x3-edr-avoidance-by-splitting-malware-into-pieces monthly 0.5 2025-06-11 https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/f5ab5993-90ae-43f1-8b7c-91d04f4de174/encrypted_output_file.png Research - Shellcode in Pieces - This ‘One Weird Trick to Evade EDR’ Isn’t Dead Yet - Make it stand out fig.3 Output of the linux file command showing the magic bytes corresponding file types of the faked files https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/4da60811-62cb-4a7f-9448-103b4506614e/Malware_Encryption_and_Split_transparent.png Research - Shellcode in Pieces - This ‘One Weird Trick to Evade EDR’ Isn’t Dead Yet - Make it stand out fig.1 High-level overview of encrypting and splitting process in the Encryption program. https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/0ae1c6b5-8ee0-406b-acd0-c4550a65e8be/Malware_Join_and_Decrypt_transparent.png Research - Shellcode in Pieces - This ‘One Weird Trick to Evade EDR’ Isn’t Dead Yet - Make it stand out fig.4 High-level overview of rejoining and decrypting process. https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/12e1c5f4-648a-48a0-964a-d2696a41c241/messageboxA_execution.png Research - Shellcode in Pieces - This ‘One Weird Trick to Evade EDR’ Isn’t Dead Yet - Make it stand out fig. 5 Debugging execution showing the three shellcode image files, and the messagebox popup confirming shellcode execution. https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/3cba37cb-3cd2-4d29-9eb9-1faaa0301e7f/encryption_execution.png Research - Shellcode in Pieces - This ‘One Weird Trick to Evade EDR’ Isn’t Dead Yet - Make it stand out fig.2 Directory listing after execution of the encryption program using messageboxA shellcode https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/1c673993-55e6-4864-9b03-e4e2f2966a68/sliver_split_output.png Research - Shellcode in Pieces - This ‘One Weird Trick to Evade EDR’ Isn’t Dead Yet - Make it stand out fig.6 Split of sliver shellcode https://www.borasec.net/research/0x2-parsing-mitre-attampck-cti-for-threat-emulation monthly 0.5 2025-06-10 https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/77fed7e0-ef21-41f6-8a27-d94c9dac375c/conti_ttps_outputs.png Research - Parsing MITRE ATT&CK CTI for Threat Emulation TTPs - Make it stand out Results for the Conti Ransomware software, with csv and json file output arguments. https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/a518534f-41f6-422a-96c1-c25a013ef6ce/cinnamon_tempest_csv_output.png Research - Parsing MITRE ATT&CK CTI for Threat Emulation TTPs - Make it stand out CSV file opened showing exported information for "Cinnamon Tempest". https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/6a45b921-d3d8-4969-af96-c4e481dddd6a/mitre_threat_usage.png Research - Parsing MITRE ATT&CK CTI for Threat Emulation TTPs - Listing all the available options, the search term for the desired threat is mandatory, as is one of the categories actor “Group”, malicious “Software”, or executed “Campaigns”. Digging deeper to return associated TTPs, as well as file outputs are optional arguments. MITRE CTI command line usage arguments https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/6308680c-b421-4ced-8c96-76497bc84c04/dragon_search.png Research - Parsing MITRE ATT&CK CTI for Threat Emulation TTPs - Make it stand out Searching actor groups for keyword "dragon". https://www.borasec.net/research/0x1-simple-uac-bypass-via-registry-hijack-implemented-in-c monthly 0.5 2025-06-10 https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/0db7205f-8c7e-47e6-af09-76e3f038c9b9/Pasted+image+20250528112225.png Research - Simple UAC Bypass via Registry Hijack Implemented in C++ - Make it stand out fig.2. 42 binaries in System32 marked with autoElevate set to true within their manifests - Windows 10 - 10.0.19045 N/A Build 19045 https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/9164868b-3e00-45aa-8ecb-9faede0d3849/Pasted+image+20250528112138.png Research - Simple UAC Bypass via Registry Hijack Implemented in C++ - Make it stand out fig. 1. Manifest entry for ComputerDefaults.exe - Windows 10 - 10.0.19045 N/A Build 19045 https://www.borasec.net/contact daily 0.75 2025-05-29 https://www.borasec.net/about daily 0.75 2025-06-12 https://www.borasec.net/home daily 1.0 2025-06-16 https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/1749479209372-PV4RZ98CSX1YLKU1JS19/unsplash-image-WcM5Rg7qBBo.jpg https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/1749478605952-TIJOORIZFN07S8COMV4P/unsplash-image-HumE-iC2wLU.jpg https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/1749478791667-NEL8CHEXECGNT5B7PEC3/unsplash-image-XC7lc8biINg.jpg https://images.squarespace-cdn.com/content/v1/6836484e8eddbe7b52606ab5/1749478971223-BDYEBHBLSYTY34Q2W7FU/unsplash-image-WsEbnsnKbUE.jpg https://www.borasec.net/offensive-services daily 0.75 2025-07-08