: This tool includes features like Call Stack Masking , which spoofs Windows API calls so they appear to originate from legitimate functions. This prevents security vendors from detecting malicious activity even when the implant is actively checking in ("sleep 0").
: The team regularly researches and develops zero-day or customized exploits to use during engagements, such as those targeting backup infrastructure or bypassing EDR hooks . ActiveBreach_MDsec-Adversary-Simulation-and-Red...
: MDSec provides a dedicated Adversary Simulation Lab that allows practitioners to learn how to automate the deployment of operational infrastructure and perform lateral movement. : This tool includes features like Call Stack
: These exercises utilize customized tooling and Tactics, Techniques, and Procedures (TTPs) based on specific real-world adversaries relevant to the client’s industry. : MDSec provides a dedicated Adversary Simulation Lab
MDSec's adversary simulation service offers several "interesting features" designed to challenge mature security postures by mimicking real-world threat actors. A particularly notable technical feature developed through their research is API Call Stack Masking in their Nighthawk command-and-control (C2) tool. Key Features of MDSec ActiveBreach