Execute This, I Know You Have It

A Local File Inclusion in Kibana allows attackers to run local JavaScript files

Introduction

As organizations flock to Elastic’s open source Elasticsearch to search and analyze massive amounts of data, many are utilizing the Kibana…

AMSI Bypass Redux

Three months ago we published a blog, “AMSI Bypass the Patching Technique,” describing how to bypass Microsoft AMSI (Antimalware Scan Interface) protection. Microsoft has since changed the way AMSI handles PowerShell sessions, so our original bypass technique…