Deep Dive into Stealthy Process Injection Techniques: Exploiting RWX Memory Regions
Attackers can abuse the RWX memory in Windows using secret process injection techniques. A modern defense strategy helps.
Bypassing Windows Security: How SSH Tunnels Can Hide Meterpreter Traffic
A sophisticated attack technique: tunnelling Meterpreter via SSH to evade detection!
Trovent relies on “Nemesis” for Breach & Attack simulations
Effective protection through realistic attack scenarios: We use powerful technology from our partner PSI for our new offering.
Randomised C2 traffic: Can it be detected?
Is it possible to detect a randomised C2 agent based on network traffic data alone or not? We have tested it thoroughly.
Impacket Detection – Part II: Detecting Impacket Attacks with Trovent MDR
Find out how Trovent MDR's rule-based detection engine can be used to detect Impacket attacks.
Impacket Attack Detection: Introducing Yet Another ETW Tracing Tool
Our Trovent Security Research Team developed its own ETW tracing tool. We’ll explain how YAETWi makes life easier for malware analysts and pentesting experts.
Application Control as a Security Measure: How to Avoid Dangerous Configuration Errors
Restricting applications is an important IT protection measure. You must take this into account when configuring application controls.
Bypassing Modern Antivirus: Advanced Windows Token Manipulation with tWATa
This deep dive reveals how a tool we developed in-house inconspicuously duplicates Windows tokens, bypasses antivirus signatures, and opens SYSTEM privileges.
How Can C2 Traffic Be Detected in Regular IMAP Data Traffic?
Does the command and control traffic of an attack transmitted via IMAP remain "invisible"? Or can a purpose-built IMAP C2 agent be detected? Our Trovent Security Research Team tested this specific scenario.
Rising costs: Is cyber insurance still worthwhile?
Insurers are becoming increasingly strict and expensive when it comes to cyber insurance. These are the reasons. And here's how you can react to save costs.
ISO 27001: The right way to deal with technical vulnerabilities
Vulnerability management, catalog of measures, processes, tools, etc.: How can the requirements of the old and adapted ISO 27001 be met with regard to technical vulnerabilities? We answer the most important questions for companies.
Comparing Detection Results with Microsoft365 Defender
Our objective: Comparing detection results from our EAGLE system with Microsoft365 Defender. And since the environments we typically work in are hybrid IT environments, consisting of both cloud and on-premise infrastructure, we wanted to make sure to include on-premise Windows machines in our testing process.