
@pracsec.bsky.social

15 Followers  |  2 Following  |  11 Posts  |  Joined: 20.02.2024  |  1.3742

Latest posts by pracsec.bsky.social on Bluesky

SpecterInsight v5.0.0: EventViewer, Stability Fixes, and UX Improvements Overview The main focus of this release is the EventView feature which provides an operational event log in the UI client so that teams can track all events happening on the server and it provides …

Just released SpecterInsight v5.0.0! This version delivers a detailed operational event log, user experience improvements, and stability/bug fixes. Check out the full details here!

practicalsecurityanalytics.com/specterinsig...

30.05.2025 00:50 — 👍 0    🔁 0    💬 0    📌 0
Stealthy Lateral Movement Techniques with WinRM Overview In this post, I am going to go over how to use WinRM to laterally move within an Active Directory network and to try and blend in with the noise. While WinRM does give you the ability to r…

Check out this post on using WinRM for lateral movement!

practicalsecurityanalytics.com/stealthy-lat...

08.05.2025 06:34 — 👍 0    🔁 0    💬 0    📌 0
Version 4.4.0: GPO Module and More SpecterScripts Overview The purpose of this release was to deliver two new modules for post-exploitation activity and to provide options for impairing defenses such as AV, EDR, and monitoring tools. These are imp…

SpecterInsight 4.4.0 just released! This version provides a new module for lateral movement and EDR silencer techniques via Group Policy, a Firewall module, and 7 new SpecterScripts.

practicalsecurityanalytics.com/specterinsig...

29.04.2025 09:13 — 👍 0    🔁 0    💬 0    📌 0
Version 4.3.0: SpecterScripts, Payload Pipelines, and new AMSI Bypass Summary The purpose of this release was to continue improving the payload pipeline obfuscation features, add a new AMSI bypass technique to the kit, and publish a few new SpecterScripts. Features S…

SpecterInsight version 4.3.0 is chock-full of bug fixes, new payload pipelines, and a new hardware breakpoint AMSI bypass. Check it out!

practicalsecurityanalytics.com/version-4-3-...

24.03.2025 22:29 — 👍 0    🔁 0    💬 0    📌 0
Bypassing AMSI and Evading AV Detection with SpecterInsight Introduction A few weeks ago, there was a post on reddit asking for advice on how to get their AMSI bypass through Windows Defender without being detected. Recently, it has become much more difficu…

Check out this post on selecting bypasses and applying tailored obfuscation to evade AV.

Please let me know if you find this helpful, and let me know if there’s anything I can do to improve SpecterInsight!

practicalsecurityanalytics.com/bypassing-am...

04.03.2025 01:21 — 👍 0    🔁 0    💬 0    📌 0
Version 4.2.0: Payload Pipeline Improvements Overview This release primarily focuses on improving the SpecterInsight payload pipelines. We rolled out a bunch of new features to improve both our PowerShell and .NET payload pipelines with a foc…

SpecterInsight v4.2.0 has been released!

We’ve packed a bunch of improvements to our PowerShell obfuscation and payload pipeline features. Check out the release notes here:

practicalsecurityanalytics.com/specterinsig...

24.02.2025 15:16 — 👍 0    🔁 0    💬 0    📌 0
Version 4.1.0: UI Improvements and More Payloads Overview The purpose of this release is to deliver a much requested UI feature and significant improvements to our payload pipeline capabilities that enabled the creation of four new Payload Pipeli…

Check out the latest release of SpecterInsight v4.1.0! This release brings UI improvements and new payloads including LNK files, MSBuild XML files, and InstallUtil exe.

practicalsecurityanalytics.com/specterinsig...

18.12.2024 05:35 — 👍 0    🔁 0    💬 0    📌 0
Version 4.0.0: Direct System Call Module, Process Injection, and New AMSI Bypass Summary The purpose of this version is to improve SpecterInsight’s defense evasion capabilities by providing a direct system call module and additional process injection techniques. Lastly, t…

I am happy to announce the release of SpecterInsight Version 4.0.0: Direct System Call Module, Process Injection, and New AMSI Bypass!

This release continues to evolve our defense evasion features making this one of the most advanced .NET implants!

practicalsecurityanalytics.com/specterinsig...

21.11.2024 15:46 — 👍 1    🔁 0    💬 0    📌 0
New AMSI Bypass Technique Modifying CLR.DLL in Memory Introduction Recently, Microsoft has rolled out memory scanning signatures to detect manipulation of security critical userland APIs such as AMSI.dll::AmsiScanBuffer. You can read about the details…

Check out this new AMSI bypass released with SpecterInsight 4.0.0! This technique enables loading of .NET binaries without detection. Implementations in C, C#, and PowerShell provided.

practicalsecurityanalytics.com/new-amsi-byp...

21.11.2024 15:35 — 👍 0    🔁 1    💬 0    📌 0
How to Emulate a Ransomware Attack Overview Ransomware is here to stay and cyber security professionals need to be trained to prevent, detect, respond, and recover from ransomware attacks. So, how do we do that in an ethical and re…

Take a deep dive into emulating ransomware attacks for cyber security training.

practicalsecurityanalytics.com/how-to-emula...

20.03.2024 03:07 — 👍 0    🔁 0    💬 0    📌 0
Version 2.3.0: Ransomware Emulation Summary The purpose of this version is to provide a mechanism for emulating a ransomware attack without writing software that could be used for an actual ransomware attack. Essentially, we wanted a…

We are excited to announce the release of SpecterInsight v2.3.0: Ransomware Simulation! Check out the release notes.

practicalsecurityanalytics.com/specterinsig...

19.03.2024 05:30 — 👍 3    🔁 0    💬 0    📌 0
