: The team regularly researches and develops zero-day or customized exploits to use during engagements, such as those targeting backup infrastructure or bypassing EDR hooks .
: This tool includes features like Call Stack Masking , which spoofs Windows API calls so they appear to originate from legitimate functions. This prevents security vendors from detecting malicious activity even when the implant is actively checking in ("sleep 0"). ActiveBreach_MDsec-Adversary-Simulation-and-Red...
The service moves beyond standard penetration testing to provide a holistic evaluation of an organization's people, processes, and technology. : The team regularly researches and develops zero-day
: These exercises utilize customized tooling and Tactics, Techniques, and Procedures (TTPs) based on specific real-world adversaries relevant to the client’s industry. The service moves beyond standard penetration testing to
MDSec's adversary simulation service offers several "interesting features" designed to challenge mature security postures by mimicking real-world threat actors. A particularly notable technical feature developed through their research is API Call Stack Masking in their Nighthawk command-and-control (C2) tool. Key Features of MDSec ActiveBreach