Chetan Nayak (Brute Ratel C4 Author)
DarkVortex Founder | https://t.co/x8K5gzt2RG | Former RedTeam @CrowdStrike/@Mandiant/@niiconsulting
May 1, 2022 15 tweets 3 min read
A lot of times when I provide Brute Ratel demos, I get a tonne of questions on detection, so here goes a rant on how detections are usually built. First and the most basic detections are static signature based. (1/15)

These are built atop YARA rules which search for a specific set of opcodes in your binary/exe file. If your payload contains any strings from known payloads, you are bound to get caught. These also include detections of randomness in your PE to search for encrypted (2/15)
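As an added example (this is not the author's code and nothing from Brute Ratel), here is a small Python scanner that implements the two static checks the thread names: a byte-string match against a list of known-payload strings, which is the core of what a YARA `strings:` section does, and a sliding-window Shannon entropy check that flags packed or encrypted regions of a file. The signature list and the sample file are constructed placeholders; the 512-byte window and the 7.0 bits-per-byte threshold are assumptions chosen for the example, not values taken from the thread.

```python
import hashlib
import math
from collections import Counter

# Constructed placeholder signatures. A real YARA rule set would carry
# strings and opcode sequences extracted from previously analysed payloads.
KNOWN_STRINGS = [b"EXAMPLE_BEACON_MARKER", b"ReflectiveLoader"]

WINDOW = 512          # bytes per entropy window (assumed value)
HIGH_ENTROPY = 7.0    # bits/byte; compressed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte in `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_string_hits(data: bytes, signatures=KNOWN_STRINGS):
    """Return (signature, offset) pairs for every signature occurrence."""
    hits = []
    for sig in signatures:
        start = 0
        while (idx := data.find(sig, start)) != -1:
            hits.append((sig, idx))
            start = idx + 1
    return hits


def find_high_entropy_windows(data: bytes, window=WINDOW, threshold=HIGH_ENTROPY):
    """Return [(offset, entropy)] for each window at or above the threshold.

    A trailing fragment shorter than half a window is ignored so a few
    random padding bytes at the end of a file do not produce a hit on their own.
    """
    flagged = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if len(chunk) < window // 2:
            break
        e = shannon_entropy(chunk)
        if e >= threshold:
            flagged.append((off, round(e, 2)))
    return flagged


def scan(data: bytes) -> dict:
    """Run both static checks and summarise the verdict."""
    string_hits = find_string_hits(data)
    hot = find_high_entropy_windows(data)
    return {
        "string_hits": string_hits,
        "high_entropy_windows": hot,
        "suspicious": bool(string_hits) or bool(hot),
    }


def build_sample() -> bytes:
    """Constructed sample: readable text, one known string, then a
    deterministic pseudo-random blob standing in for an encrypted payload."""
    text = b"This program cannot be run in DOS mode.\r\n" * 24   # 984 bytes
    marker = b"EXAMPLE_BEACON_MARKER"                            # 21 bytes
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # 4096 bytes
    return text + marker + blob


if __name__ == "__main__":
    result = scan(build_sample())
    for sig, off in result["string_hits"]:
        print(f"string hit {sig!r} at offset {off}")
    for off, e in result["high_entropy_windows"]:
        print(f"high-entropy window at offset {off}: {e} bits/byte")
    print("suspicious:", result["suspicious"])
```

In practice the two checks are tuned per PE section rather than over the whole file: a `.text` section at 7.5 bits/byte is a much stronger signal than a `.rsrc` section at the same value, since legitimate binaries routinely embed compressed resources. The string check is also only as good as its list; it catches reuse of known strings and opcodes, which is exactly the class of detection the thread says a payload must avoid triggering.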