MDSec's adversary simulation service offers several "interesting features" designed to challenge mature security postures by mimicking real-world threat actors. A particularly notable technical feature developed through their research is API Call Stack Masking in their Nighthawk command-and-control (C2) tool. Key Features of MDSec ActiveBreach
: This tool includes features like Call Stack Masking , which spoofs Windows API calls so they appear to originate from legitimate functions. This prevents security vendors from detecting malicious activity even when the implant is actively checking in ("sleep 0"). ActiveBreach_MDsec-Adversary-Simulation-and-Red...
: MDSec provides a dedicated Adversary Simulation Lab that allows practitioners to learn how to automate the deployment of operational infrastructure and perform lateral movement. ActiveBreach_MDsec-Adversary-Simulation-and-Red...