Bypass 2FA Using noVNC
Steal credentials and bypass 2FA by giving users remote access to your server via an HTML5 VNC client that has a browser running in kiosk mode.
https://mrd0x.com/bypass-2fa-using-novnc/
#2fa #bypass #novnc
Steal credentials and bypass 2FA by giving users remote access to your server via an HTML5 VNC client that has a browser running in kiosk mode.
https://mrd0x.com/bypass-2fa-using-novnc/
#2fa #bypass #novnc
In-Process Patchless AMSI Bypass
https://ethicalchaos.dev/2022/04/17/in-process-patchless-amsi-bypass/
#amsi #bypass #av #evasion
https://ethicalchaos.dev/2022/04/17/in-process-patchless-amsi-bypass/
#amsi #bypass #av #evasion
Ethical Chaos
In-Process Patchless AMSI Bypass - Ethical Chaos
Some of you may remember my patchless AMSI bypass article and how it was used inside SharpBlock to bypass AMSI on the child process that SharpBlock spawns. This is all well a good when up against client environments that are not too sensitive to the fork…
This media is not supported in your browser
VIEW IN TELEGRAM
KernelCallbackTable Injection
KernelCallbackTable which could be abused to inject shellcode in a remote process. This method of process injection was used by FinFisher/FinSpy and Lazarus.
https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
#edr #bypass #injection #cpp #maldev
KernelCallbackTable which could be abused to inject shellcode in a remote process. This method of process injection was used by FinFisher/FinSpy and Lazarus.
https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
#edr #bypass #injection #cpp #maldev
⚔️ Mangle — EDR Bypass
This is a tool that manipulates aspects of compiled executables (.exe or DLL). Mangle can remove known Indicators of Compromise (IoC) based strings and replace them with random characters, change the file by inflating the size to avoid EDRs, and can clone code-signing certs from legitimate files. In doing so, Mangle helps loaders evade on-disk and in-memory scanners.
https://github.com/optiv/Mangle
#edr #bypass #inflate #certificate
This is a tool that manipulates aspects of compiled executables (.exe or DLL). Mangle can remove known Indicators of Compromise (IoC) based strings and replace them with random characters, change the file by inflating the size to avoid EDRs, and can clone code-signing certs from legitimate files. In doing so, Mangle helps loaders evade on-disk and in-memory scanners.
https://github.com/optiv/Mangle
#edr #bypass #inflate #certificate
👍8
💉 Dirty Vanity — A New Approach to Code injection & EDR bypass
A POC for the new injection technique, abusing windows fork API to evade EDRs.
Source:
https://github.com/deepinstinct/Dirty-Vanity
Research:
https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Nissan-DirtyVanity.pdf
#av #edr #bypass #injection #fork #api
A POC for the new injection technique, abusing windows fork API to evade EDRs.
Source:
https://github.com/deepinstinct/Dirty-Vanity
Research:
https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Nissan-DirtyVanity.pdf
#av #edr #bypass #injection #fork #api
GitHub
GitHub - deepinstinct/Dirty-Vanity: A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www…
A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass...
👍6❤1
🎲 PowerShell Obfuscation
A simple and effective powershell obfuscaiton tool bypass Anti-Virus and AMSI-bypass + ETW-block.
https://github.com/H4de5-7/powershell-obfuscation
#powershell #obfuscation #amsi #etw #bypass
A simple and effective powershell obfuscaiton tool bypass Anti-Virus and AMSI-bypass + ETW-block.
https://github.com/H4de5-7/powershell-obfuscation
#powershell #obfuscation #amsi #etw #bypass
❤7👍4👎2
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Это реально круто!
Вкратце: позволяет записывать файлы, созданные маяком кобальта (на примере кобальта), в память, а не на диск в системе.
https://github.com/Octoberfest7/MemFiles
#redteam #pentest #git #cs #bypass
Вкратце: позволяет записывать файлы, созданные маяком кобальта (на примере кобальта), в память, а не на диск в системе.
https://github.com/Octoberfest7/MemFiles
#redteam #pentest #git #cs #bypass
👍7
🔀 Direct Syscalls vs Indirect Syscalls
This post discusses Indirect Syscalls as a solution to eliminate indicators of compromise and avoid detection by EDRs. Indirect Syscalls allow the execution of Syscall and Return statements in the memory of ntdll.dll, which is the usual behavior in Windows.
https://redops.at/en/blog/direct-syscalls-vs-indirect-syscalls
#maldev #syscall #edr #bypass
This post discusses Indirect Syscalls as a solution to eliminate indicators of compromise and avoid detection by EDRs. Indirect Syscalls allow the execution of Syscall and Return statements in the memory of ntdll.dll, which is the usual behavior in Windows.
https://redops.at/en/blog/direct-syscalls-vs-indirect-syscalls
#maldev #syscall #edr #bypass
🔥8👍2
⛓ Divide and Rule — AMSI Bypass
By spliiting well known PowerShell scripts, e.g. an AMSI Bypass, we can directly bypass Windows Defender or get at least the line, where the detection occurs. Outcome: Several AMSI Bypasses and two scripts:
- One to split PowerShell snippets in multiple lines
- A second script to run all the files in an Oneliner, XOR obfuscated
https://badoption.eu/blog/2023/07/15/divideconqer.html
#amsi #av #bypass #powershell
By spliiting well known PowerShell scripts, e.g. an AMSI Bypass, we can directly bypass Windows Defender or get at least the line, where the detection occurs. Outcome: Several AMSI Bypasses and two scripts:
- One to split PowerShell snippets in multiple lines
- A second script to run all the files in an Oneliner, XOR obfuscated
https://badoption.eu/blog/2023/07/15/divideconqer.html
#amsi #av #bypass #powershell
❤7👍1