In the first part of the DUALITY series, we introduced the idea of DUALITY and its pipeline to backdoor DLLs for persistence. The tradecraft associated with the backdooring process and process injection, with regard to modern EDR capabilities, was relatively primitive. An easy detection opportunity for AV / EDR companies from the first blog post would be to signature the “.duality” section added to backdoored DLLs. In this blog post, we will discuss improvements to tradecraft for DUALITY.
We will also discuss how the same pipeline can be utilized for initial access by introducing DUALITY’s web-based stager, which contains several useful features such as low-privilege DLL enumeration to give the operator the remote option of which DLL to backdoor, as well as the ability to handle multiple, simultaneous payload detonations in order to handle the backdooring of dependencies from multiple hosts.
Note that we have intentionally released a more neutralized version of DUALITY in Part I. We unfortunately do not intend on releasing a completely weaponized version of DUALITY primarily because we want to limit the potential damage it might cause and secondarily due to the amount of research time it involved.
When it comes to tradecraft versus EDR, there are two primary categories we will consider for this iteration:
We’ve intentionally left out reputation-based detections as competent stager / beacon communications setup is up to the reader.
We previously presented a few ideas for detecting the first iteration of DUALITY. One key issue was that section names added to backdoored DLLs are hardcoded. Section names such as “.duality” should be a red flag. To resolve this, any added sections are now randomly named during the shellcode compilation and packing process.
This is depicted in the following screenshot, where the C# pipeline program replaces template variables in the shellcode-C (SCC) file prior to compilation for each DLL.
.png?w=100%25&hash=E7F8BB770D189E55BE8161869896AC6D)
Replacing Template Variables in SCC File
The first iteration of DUALITY performed process injection by resolving function pointers from the current process’s modules / functions, which are hooked by AV / EDR. To resolve this, we’ve introduced functionality in the initial access stager that will send the host’s “ntdll.dll” file to the backdooring backend, along with the DLLs we are interested in backdooring. This will allow us to pack “ntdll.dll” as a section to the backdoored DLL. In our shellcode, we will then dynamically resolve “clean” functions from this clean packed “ntdll.dll”, such as “NtAllocateVirtualMemory” or other “Nt” functions that malware may utilize.
We go a step further beyond this by combining the assembly from the packed “ntdll.dll” section with the syscall instruction from the “ntdll.dll” in the current process’s memory space, in order to perform an “indirect syscall”. This is technically overkill for evading EDR hooks, as we are not operating from a random heap location (such as the case for an implant operating from memory) when we execute these “Nt” calls. When the stack trace is examined after a syscall is performed, if we are operating from a disk-backed image of a PE, the syscall instruction will be coming from a valid, executable section in memory that reflects a section on disk. This is how DUALITY operates. However, if this syscall instruction originated from a random heap address that does not reflect some valid section on disk (such as when an implant is operating from memory), that would likely be a high-fidelity indicator that something malicious is executing.
The following function from the SCC template resolves a “clean ntdll.dll” function from the packed section passed in as a “buffer” address. The passed in “ntdllHandle” variable contains a handle to the in-process hooked “ntdll.dll”, which we can use for an indirect syscall.
.png)
Resolving Functions from Packed ntdll.dll
Later in the code we can observe how the indirect syscall is constructed:
.png)
Construction of Indirect Syscall
The following depicts the function “create_jmp_opcode”:
.png)
Creating "jmp" Opcode for Indirect Syscall
Note that the usage of common functions such as “memcpy” are prefixed with “_” in the case of “_memcpy”, because we assume no access to the C runtime during shellcode execution; therefore, we use our own version defined in the Position Independent Code (PIC) so we can support our shellcode. Remember, all of this C code gets compiled into PIC and operates from our “.duality” section (which is going to be a randomly named section during compilation).
The same pipeline utilized for persistence can be re-purposed to be used for initial access. The “persistence” pipeline currently performs the following:
For this blog post, we are only sharing how our implementation of the initial access web stager works. Note that the pipeline for persistence as well as the persistence script are available publicly.
The first feature of the DUALITY operator dashboard is that authorization keys are required in order for the stager to reach out. These keys can be generated and revoked at will. This allows an operator to detonate the stager, stage in and implant, and then render the stager non-operational.
.png)
Auth Keys Utilized
For the second feature, note the “SC Prefix” text box. This allows the stager to be associated with any previously uploaded shellcode (from any C2) to be utilized as part of the initial access pipeline. A PowerShell one-liner and web friendly one-liner are present for public proof-of-concept and for testing against systems with basic AV / EDR. We recommend creating a stealthier stage-0 one-liner to load in the DUALITY stager, which will perform the actual backdooring.
Since the backdooring process takes up to 5 minutes sometimes due to enumeration of low-privilege DLLs, uploading / downloading files, and the backdooring process in the backend itself, it’s useful to the operator to see which step in the backdooring process the stager is in. This is rendered to the operator from the DUALITY dashboard.
.png)
Logging for Backdooring Process
When a callback comes in, the operator can examine important information such as the username, user domain, and external IP address registrant organization. This can greatly inform the payload detonation information of the stager and help the operator reject payload detonations if they occur within sandbox environments. If sandbox execution takes place, it is crucial for operators to have the ability to prevent payloads from being fully staged. The prevention can result in truly malicious payloads being marked as benign, buying more time for the operation. If the stager detonation context appears satisfactory however, the operator may click the red callback ID link.
.png?w=100%25&hash=74DAE3DF885325B045483DD24C6ED5CE)
Stager Detonation Information
The operator is also able to handle simultaneous detonation in cases where multiple callbacks are received. In this way, the backdooring process can take place for multiple hosts in parallel.
.png?w=100%25&hash=026189292B34B8491ED4BAB59F6DE560)
Simultaneous Detonation
When the operator clicks a callback ID (red link), they are taken to the backdooring selection screen where they can choose to backdoor a DLL from the enumerated DLLs. Remember that the stager had enumerated low-privilege locations for DLLs and associated EXEs prior to calling back with the options available. The operator also has the option to specify an executable associated with the DLL. Usually, this should be the executable that immediately loads in the DLL after spawning. For example, Microsoft Teams loads in “ffmpeg.dll” after spawning.
In any case, DUALITY is written to allow execution continuity, so the user is not affected by DUALITY logic. If no executable is specified, the DUALITY stager will backdoor the selected DLL but will not force-restart the associated process. For example, if we target “ffmpeg.dll”, DUALITY will send this DLL to the backend, backdoor it, and then swap it out with the original. This way, when Microsoft Teams naturally closes and restarts (such as after system reboot), the backdoored DLL is loaded into Microsoft Teams and the DUALITY logic runs.
If an executable is specified, the DUALITY stager will backdoor the DLL, and then terminate all processes with that executable’s name. The stager will then restart the executable. This allows for obtaining a shell immediately, rather than waiting for natural program usage.
Sometimes, no desirable program to be backdoored is available. In this case, the operator can specify an index of “-1”, which will utilize a generic backdoored DLL and load the DUALITY logic using a short-lived “rundll32” process. One “feature” of rundll32 is that even if you specify a non-existent entry point, it will do you the favor of running “DLLMain” anyway, which will run your DUALITY logic, and then inform you that the entry point does not exist. This works well in cases where no desirable DLLs to backdoor are present. This is assuming you backdoor “DLLMain”, which is what the public proof-of-concept does.
.png?w=100%25&hash=82F2441319FA94B76E976DBB72193D50)
Backdooring Choice
Some items in this iteration of DUALITY address the previous version’s “Future Plans” section. There are other items left in the public release version to improve tradecraft. Hopefully, this serves as pointers to where AV / EDR detections may exist.
Article
DUALITY: Advanced Red Team Persistence through Self-Reinfecting DLL Backdoors for Unyielding Control
Product / Service
Red Team Assessments
Capability Overview
Cyber Resilience
Product / Service
Penetration Testing Services
© Aon plc. 2024
All rights reserved with special acknowledgement to Faisal Tameesh (@primal0xF7) for his research on this material.
About Cyber Solutions:
Aon’s Cyber Solutions offers holistic cyber risk management, unsurpassed investigative skills, and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents.
General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
Podcast 18 mins
Better Being Series: Are You Taking Care of Your Digital Wellbeing?
Podcast 21 mins
On Aon Podcast: Better Being Series Dives into Women’s Health
Podcast 38 mins
On Aon’s Better Being Series: The World Wellbeing Movement
Podcast 30 mins
On Aon’s Better Being Series: Mental Health and Creating Kinder Cultures
Podcast 31 mins
On Aon’s Better Being Series: Managing Loss and Grief
Podcast 26 mins
On Aon’s Better Being Series: Measuring Wellbeing
Podcast 27 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience
Podcast 25 mins
On Aon’s Better Being Series: Human SustainabilityExpert Views on Today's Risk Capital and Human Capital Issues
Article 4 mins
Introduction: Clarity and Confidence to Make Better Decisions
Article 5 mins
The Age of Rising Resilience – An Economic Outlook
Article 6 mins
Building Resilience Against the Constant Cyber Threat
Article 5 mins
Making Better Decisions – A Treasurer’s Perspective
Article 5 mins
How to Balance the Conflicting Forces of Efficiency, Performance and Wellbeing
Article 8 mins
Seizing the Opportunity: Building a Comprehensive Approach to Risk Transfer
Article 5 mins
Tapping New Markets to Unlock Deal Value
Article 7 mins
The Rise of the Skills-Based Organisation
Article 5 mins
Creating a Fair and Equitable Workforce for Everyone
Article 5 mins
The Year of the Vote: How Geopolitical Volatility Will Impact Businesses
Article 5 mins
The Aon DifferenceThe construction industry is under pressure from interconnected risks and notable macroeconomic developments. Learn how your organization can benefit from construction insurance and risk management.
Article 19 mins
How North American Construction Contractors Can Mitigate Emerging Risks
Article 9 mins
Managing Construction Risks: 7 Risk Advisory Steps
Article 14 mins
Unlocking Capacity and Capital in a Challenging Construction Risk Market
Article 12 mins
Protecting North American Contractors from Extreme Heat Risks with Parametric
Article 8 mins
How Climate Modeling Can Mitigate Risks and Improve Resilience in the Construction Industry
Report 1 mins
Construction Risk Management Europe Report 2023
Article 19 mins
Parametric Can Help Mitigate Extreme Heat Risks for Contractors in EMEA
Article 21 mins
How the Construction Industry is Navigating Climate Change
Article 14 mins
Top Risks Facing Construction and Real Estate OrganizationsStay in the loop on today's most pressing cyber security matters.
Cyber Labs 10 mins
Adopt an AI Approach with Confidence, for CISOs and CIOs
Cyber Labs 3 mins
Responding to the CrowdStrike Outage: Implications for Cyber and Technology Professionals
Cyber Labs 11 mins
DUALITY Part II - Initial Access and Tradecraft Improvements
Cyber Labs 65 mins
Cracking Into Password Requirements
Cyber Labs 60 mins
DUALITY: Advanced Red Team Persistence through Self-Reinfecting DLL Backdoors for Unyielding Control
Cyber Labs 7 mins
Restricted Admin Mode – Circumventing MFA On RDP Logons
Cyber Labs 12 mins
Detecting “Effluence”, An Unauthenticated Confluence Web Shell
Cyber Labs 12 mins
Flash Loan Attacks: A Case Study
Cyber Labs 9 mins
Financially Motivated Criminal Group Targets Telecom, Technology & Manufacturing
Article 12 mins
To Combat Cyber Risk, Businesses Invest in Resilience
Article 10 mins
For Cyber Readiness, the CISO and CRO Join Forces
Article 16 mins
Mitigating Insider Threats: Managing Cyber Perils While Traveling GloballyOur Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
Article 9 mins
Lessons Learned from the CrowdStrike Outage: 5 Strategies to Build Cyber Resilience
Article 8 mins
Responding to Cyber Attacks: How Directors and Officers and Cyber Policies Differ
Article 17 mins
Why Now is the Right Time to Customize Cyber and E&O Contracts
Article 7 mins
8 Steps Toward Building Better Resilience Against Rising Ransomware Attacks
Article 16 mins
Mitigating Insider Threats: Managing Cyber Perils While Traveling Globally
Article 7 mins
Managing Cyber Risk through Return on Security Investment
Article 10 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from Inside
Article 13 mins
Why HR Leaders Must Help Drive Cyber Security Agenda
Article 12 mins
Escalating Cyber Security Risks Mean Businesses Need to Build ResilienceOur Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
Article 7 mins
Three Ways Collective Retirement Plans Support HR Priorities
Article 13 mins
How the Right Employee Wellbeing Strategy Impacts Microstress and Burnout at Work
Podcast 21 mins
On Aon Podcast: Better Being Series Dives into Women’s Health
Article 12 mins
Making Wellbeing Part of a Company’s DNA
Podcast 26 mins
On Aon’s Better Being Series: Measuring Wellbeing
Podcast 27 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience
Article 9 mins
Why Workforce Wellbeing is Vital to Company Performance
Article 8 mins
COVID-19 has Permanently Changed the Way We Think About WellbeingExplore Aon's latest environmental social and governance (ESG) insights.
Article 10 mins
Why ESG Is Even More Important In A Crisis Like COVID-19
Podcast 18 mins
On Aon Podcast: Approach to DE&I in the WorkplaceOur Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
Article 17 mins
Q4 2023: Global Insurance Market Overview
Article 17 mins
Top Risk Trends to Watch in 2024How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
Article 17 mins
Top Risks Facing Organizations in Asia Pacific
Article 17 mins
Top Risks Facing Organizations in North America
Article 16 mins
Top Risks Facing Organizations in Europe
Article 16 mins
Top Risks Facing Organizations in Latin America
Article 15 mins
Top Risks Facing Organizations in the Middle East and Africa
Article 18 mins
Top Risks Facing Organizations in the United KingdomOur Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
Article 25 mins
How Technology Will Transform Employee Benefits in the Next Five Years
Podcast 19 mins
On Aon Podcast: Technology Impacting the Future of Health and Benefits
Article 18 mins
Integrating Workforce Data to Uncover Hidden Insights
Article 25 mins
How Employers Can Use Data to Improve Their Health Plans
Podcast 26 mins
On Aon’s Better Being Series: Measuring Wellbeing
Article 14 mins
Designing Tomorrow: Personalizing EVP, Benefits and Total Rewards
Article 10 mins
How to Balance Cost with Growth in a Shifting Talent Market
Article 10 mins
How Companies are Mitigating Rising Medical Costs
Article 11 mins
How Data and Analytics Can Optimize HR ProgramsExplore our hand-picked insights for human resources professionals.
Article 8 mins
COVID-19 has Permanently Changed the Way We Think About Wellbeing
Article 10 mins
DE&I in Benefits Plans: A Global Perspective
Article 11 mins
How Data and Analytics Can Optimize HR Programs
Article 13 mins
Why HR Leaders Must Help Drive Cyber Security Agenda
Article 9 mins
Case Study: The LPGA Unlocks Talent Potential with Data
Article 14 mins
Navigating the New EU Directive on Pay Transparency
Article 12 mins
How to Design Better Talent Assessment to Promote DE&I
Article 8 mins
Training and Transforming Managers for the Future of Work
Article 9 mins
Rethinking Your Total Rewards Programs During Mergers and Acquisitions
Article 19 mins
Building a Resilient Workforce That Steers Organizational Success | An Outlook Across IndustriesOur Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
Report 23 mins
A Workforce in Transition Prepares to Meet a Host of Challenges
Article 13 mins
Driving Inclusion and Diversity with Employee Benefits
Article 19 mins
Five Big Human Resources Trends to Watch in 2024
Article 10 mins
How Companies are Mitigating Rising Medical Costs
Report 1 mins
The Global Medical Trend Rates Report 2024
Podcast 27 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience
Article 13 mins
How the Right Employee Wellbeing Strategy Impacts Microstress and Burnout at Work
Article 24 mins
Advancing Women’s Health and Equity Through Benefits and Support
Podcast 19 mins
On Aon Podcast: Technology Impacting the Future of Health and Benefits
Article 10 mins
How Collective Retirement Plans Help Support Financial SustainabilityOur Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
Article 18 mins
Exit Strategy Value Creation Opportunities Exist as Economic Pressures Persist
Article 9 mins
Future Trends for Financial Sponsors: Secondary Transactions
Article 21 mins
3 Ways to Unlock M&A Value in a Challenging Credit Environment
Article 9 mins
Rethinking Your Total Rewards Programs During Mergers and Acquisitions
Article 18 mins
Organizational Design and Talent Planning are Key to M&A Success
Article 12 mins
An Ever-Complex Global Tax Environment Requires Strong M&A Risk Solutions
Article 7 mins
Project Management for HR: The Secret Behind a Successful M&A Deal
Article 15 mins
Cultural Alignment Planning Drives M&A SuccessHow do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
Article 11 mins
Parametric Insurance: A Complement to Traditional Property Coverage
Article 11 mins
Using Parametric Insurance to Match Capital to Climate Risk
Article 9 mins
Using Parametric Insurance to Close the Earthquake Protection Gap
Article 19 mins
How Technology Enhancements are Boosting ParametricOur Pay Transparency and Equity collection gives you access to the latest insights from Aon's human capital team on topics ranging from pay equity to diversity, equity and inclusion. Contact us to learn how we can help your organization address these issues.
Article 12 mins
Pay Transparency Can Lead to Better Equity Across Benefits
Article 21 mins
Understanding and Preparing for the Rise in Pay Transparency
Podcast 21 mins
On Aon Podcast: Understanding Pay Transparency Regulations
Article 14 mins
Navigating the New EU Directive on Pay Transparency
Article 13 mins
To Disclose Pay or Not? How Companies are Approaching the Pay Transparency Movement
Podcast 21 mins
On Aon Podcast: Better Being Series Dives into Women’s Health
Article 24 mins
Advancing Women’s Health and Equity Through Benefits and Support
Article 13 mins
Driving Inclusion and Diversity with Employee Benefits
Article 9 mins
Belonging at Work: How Employers can Strengthen DE&I
Article 10 mins
DE&I in Benefits Plans: A Global Perspective
Podcast 18 mins
On Aon Podcast: Approach to DE&I in the WorkplaceForecasters are predicting an extremely active 2024 Atlantic hurricane season. Take measures to build resilience to mitigate risk for hurricane-prone properties.
Article 10 mins
Build Resilience for an Extremely Active Atlantic Hurricane Season
Article 9 mins
Four Steps to Develop Strong Property Risk Coverage in a Hardening Market
Podcast 18 mins
On Aon Podcast: Navigating and Preparing for Catastrophes
Article 11 mins
Parametric Insurance: A Complement to Traditional Property Coverage
Article 12 mins
Navigating Climate Risk Using Multiple Models and Data Sets
Article 9 mins
Rising Losses From Severe Convection Storms Mostly Explained by Exposure Growth
Article 9 mins
Using Parametric Insurance to Close the Earthquake Protection GapOur Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.
Report 24 mins
Evolving Technologies Are Driving Firms to Harness Opportunities and Defend Against Threats
Article 17 mins
5 Ways Artificial Intelligence can Boost Claims Management
Article 7 mins
Artificial Intelligence and the Next Frontier for Financial Institutions
Article 10 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from Inside
Article 7 mins
8 Steps Toward Building Better Resilience Against Rising Ransomware Attacks
Article 17 mins
Overcoming the Reputational Cost of Cyber Attacks: The 10-Day Plan
Article 13 mins
Why HR Leaders Must Help Drive Cyber Security Agenda
Article 12 mins
How to Futureproof Data and Analytics Capabilities for ReinsurersTrade, technology, weather and workforce stability are the central forces in today’s risk landscape.
Article 12 mins
Cyber Attack or Data Breach
Article 8 mins
Business Interruption
Article 9 mins
Economic Slowdown or Slow Recovery
Article 12 mins
Failure to Attract or Retain Top Talent
Article 11 mins
Regulatory or Legislative Changes
Article 9 mins
Supply Chain or Distribution Failure
Article 12 mins
Commodity Price Risk or Scarcity of Materials
Article 9 mins
Damage to Brand or Reputation
Article 9 mins
Failure to Innovate or Meet Customer Needs
Article 8 mins
Increasing CompetitionOur Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.
Report 4 mins
Global Risk Management Survey
Report 21 mins
Wide-Ranging Trade Issues Confront Global Businesses on Multiple Fronts
Article 9 mins
Four Steps to Develop Strong Property Risk Coverage in a Hardening Market
Article 30 mins
Cutting Supply Chains: How to Achieve More Reward with Less Risk
Article 22 mins
Driving Private Equity Value Creation Through Credit Solutions
Article 10 mins
4 Steps to Help Take Advantage of a Buyer-Friendly Directors' & Officers' Market
Article 14 mins
Managing Reputational Risks in Global Supply Chains
Article 10 mins
How an Outsourced Chief Investment Officer Can Help Improve Governance and Manage Complexity
Article 11 mins
Decarbonizing Your Business: Finding the Right Insurance and Strategy
Article 13 mins
Reputation Analytics as a Leading Indicator of ESG RiskWith a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.
Article 10 mins
Build Resilience for an Extremely Active Atlantic Hurricane Season
Report 26 mins
Climate Analytics Unlock Capital to Protect People and Property
Report 4 mins
Climate and Catastrophe Insight
Article 21 mins
How Investors are Making Better Decisions Amid a Changing Climate
Article 10 mins
Improving Agricultural Practices to Address Climate Risks
Article 18 mins
Understanding Freeze Risk in a Changing Climate
Podcast 10 mins
On Aon Podcast: Climate Science Through Academic Collaboration
Article 10 mins
How Companies Are Using Climate Modeling to Improve Risk Decisions
Podcast 9 mins
On Aon Insights: Climate and Supply Chain
Article 11 mins
Using Parametric Insurance to Match Capital to Climate Risk
Article 21 mins
How the Construction Industry is Navigating Climate Change
Article 13 mins
Record Heatwaves: Protecting Employee Health and SafetyOur Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.
Article 11 mins
Using Data to Close Workforce Gaps in Financial Institutions
Article 9 mins
Using Data to Close Workforce Gaps in Retail Companies
Article 12 mins
Using Data to Close Workforce Gaps in Technology Companies
Article 6 mins
Using Data to Close Workforce Gaps in Manufacturing Companies
Article 12 mins
Using Data to Close Workforce Gaps in Life Sciences Companies
Report 5 mins
Measure Workforce Resilience for Better Business Outcomes
Podcast 20 mins
On Aon Podcast: Methodology to Predict Employee Performance for the LPGA
Article 8 mins
Training and Transforming Managers for the Future of Work
Article 19 mins
Building a Resilient Workforce That Steers Organizational Success | An Outlook Across Industries
Cyber Labs 3 mins
This client alert provides an overview of the current global IT outage that is related to a CrowdStrike update. We provide an overview of CrowdStrike's response and guidance, and Aon Cyber Solutions' recommendations for affected clients.
Cyber Labs 65 mins
This blog post discusses new hashcat rule sets designed to crack passwords with minimum length and character class constraints, resulting in improved performance.
Cyber Labs 60 mins
This blog post introduces the concept of DUALITY, which is a methodology and pipeline for backdooring multiple DLLs on the fly so they are able to re-infect each other if infections are lost due to program updates.
You will soon receive an email to verify your email address. Please click on the link included in this note to complete the subscription process, which also includes providing consent in applicable locations and an opportunity to manage your email preferences.
Article
Article
Your request is being reviewed so we can align you to the best resources on our team. In the meantime, we invite you to explore some of our latest insights below.
Article
Article