pracsec.bsky.social
Just released SpecterInsight v5.0.0! This version delivers a detailed operational event log, user experience improvements, and stability/bug fixes. Check out the full details here!

practicalsecurityanalytics.com/specterinsig...
SpecterInsight v5.0.0: EventViewer, Stability Fixes, and UX Improvements
Overview: The main focus of this release is the EventView feature which provides an operational event log in the UI client so that teams can track all events happening on the server and it provides …
practicalsecurityanalytics.com
May 30, 2025 at 12:50 AM
SpecterInsight 4.4.0 just released! This version provides a new module for lateral movement and EDR silencer techniques via Group Policy, a Firewall module, and 7 new SpecterScripts.

practicalsecurityanalytics.com/specterinsig...
Version 4.4.0: GPO Module and More SpecterScripts
Overview: The purpose of this release was to deliver two new modules for post-exploitation activity and to provide options for impairing defenses such as AV, EDR, and monitoring tools. These are imp…
April 29, 2025 at 9:13 AM
SpecterInsight version 4.3.0 is chock-full of bug fixes, new payload pipelines, and a new hardware breakpoint AMSI bypass. Check it out!

practicalsecurityanalytics.com/version-4-3-...
Version 4.3.0: SpecterScripts, Payload Pipelines, and new AMSI Bypass
Summary: The purpose of this release was to continue improving the payload pipeline obfuscation features, add a new AMSI bypass technique to the kit, and publish a few new SpecterScripts. Features S…
March 24, 2025 at 10:29 PM
Check out this post on selecting bypasses and applying tailored obfuscation to evade AV.

Please let me know if you find this helpful, and let me know if there’s anything I can do to improve SpecterInsight!

practicalsecurityanalytics.com/bypassing-am...
Bypassing AMSI and Evading AV Detection with SpecterInsight
Introduction: A few weeks ago, there was a post on reddit asking for advice on how to get their AMSI bypass through Windows Defender without being detected. Recently, it has become much more difficu…
March 4, 2025 at 1:21 AM
SpecterInsight v4.2.0 has been released!

We’ve packed a bunch of improvements to our PowerShell obfuscation and payload pipeline features. Check out the release notes here:

practicalsecurityanalytics.com/specterinsig...
Version 4.2.0: Payload Pipeline Improvements
Overview: This release primarily focuses on improving the SpecterInsight payload pipelines. We rolled out a bunch of new features to improve both our PowerShell and .NET payload pipelines with a foc…
February 24, 2025 at 3:16 PM
Check out the latest release of SpecterInsight v4.1.0! This release brings UI improvements and new payloads including LNK files, MSBuild XML files, and InstallUtil exe.

practicalsecurityanalytics.com/specterinsig...
Version 4.1.0: UI Improvements and More Payloads
Overview: The purpose of this release is to deliver a much requested UI feature and significant improvements to our payload pipeline capabilities that enabled the creation of four new Payload Pipeli…
December 18, 2024 at 5:35 AM
I am happy to announce the release of SpecterInsight Version 4.0.0: Direct System Call Module, Process Injection, and New AMSI Bypass!

This release continues to evolve our defense evasion features making this one of the most advanced .NET implants!

practicalsecurityanalytics.com/specterinsig...
Version 4.0.0: Direct System Call Module, Process Injection, and New AMSI Bypass
Summary: The purpose of this version is to improve SpecterInsight’s defense evasion capabilities by providing a direct system call module and additional process injection techniques. Lastly, t…
November 21, 2024 at 3:46 PM
Check out this new AMSI bypass released with SpecterInsight 4.0.0! This technique enables loading of .NET binaries without detection. Implementations in C, C#, and PowerShell provided.

practicalsecurityanalytics.com/new-amsi-byp...
New AMSI Bypass Technique Modifying CLR.DLL in Memory
Introduction: Recently, Microsoft has rolled out memory scanning signatures to detect manipulation of security critical userland APIs such as AMSI.dll::AmsiScanBuffer. You can read about the details…
November 21, 2024 at 3:35 PM
We are excited to announce the release of SpecterInsight v2.3.0: Ransomware Simulation! Check out the release notes.

practicalsecurityanalytics.com/specterinsig...
Version 2.3.0: Ransomware Emulation
Summary: The purpose of this version is to provide a mechanism for emulating a ransomware attack without writing software that could be used for an actual ransomware attack. Essentially, we wanted a…
March 19, 2024 at 5:30 AM