Red Team Diary, Entry #1: Making NSA’s PeddleCheap RAT Invisible

Dimitrios Bougioukas
Jul 9
https://docs.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/user-mode-and-kernel-mode
This was the detection score, back in 2017

The Attack In Action


The Blue Team Perspective


Thanks to Donald Donzal

Written by Dimitrios Bougioukas, Director, IT Security Training Services @ eLearnSecurity
