🧪 NtQueueApcThreadEx — NTDLL Gadget Injection
A novel use of NtQueueApcThreadEx for stealthy code injection: it abuses the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget.
Source:
https://github.com/LloydLabs/ntqueueapcthreadex-ntdll-gadget-injection
#apc #ntdll #injection #clang #redteam
🔥5👍1
🛠 From C to Shellcode: Crafting Position-Independent Code
Ever wondered how malware developers create shellcode? Dive into the world of Position-Independent Code (PIC) and learn about a shellcode development method using MinGW. This approach combines assembly and C to create efficient and stealthy payloads.
🌐 Details:
https://steve-s.gitbook.io/0xtriboulet/just-malicious/from-c-with-inline-assembly-to-shellcode
#maldev #clang #shellcode #assembly
steve-s.gitbook.io
From C, with inline assembly, to shellcode | 0xTriboulet
Friday, August 11, 2023
👍3
Learn the process of crafting a personalized RDI/sRDI loader in C and ASM, incorporating code optimization to achieve full position independence.
🔗 https://blog.malicious.group/writing-your-own-rdi-srdi-loader-using-c-and-asm/
#maldev #reflective #dll #clang #asm
Malicious Group
Writing your own RDI /sRDI loader using C and ASM
In this post, I am going to show the readers how to write their own RDI/sRDI loader in C, and then show how to optimize the code to make it fully position independent.
🔥12👍2
Dive into building a BIOS bootloader from scratch to boot an x86 CPU into 64-bit mode. From ASM basics to integrating with C, unravel the complexities step-by-step.
🔗 Research:
https://thasso.xyz/2024/07/13/setting-up-an-x86-cpu.html
🔗 Code:
https://github.com/thass0/blog-code/tree/main/2024-07-13-setting-up-an-x86-cpu
#bios #loader #asm #clang
🔥11👍2
🛠 Adventures in Shellcode Obfuscation
This series of articles explores various methods for hiding shellcode, emphasizing techniques to avoid detection. The focus is on demonstrating diverse approaches to conceal shellcode.
🔗 Part 1: Overview
🔗 Part 2: Hail Caesar
🔗 Part 3: Encryption
🔗 Part 4: RC4 with a Twist
🔗 Part 5: Base64
🔗 Part 6: Two Array Method
🔗 Part 7: Flipping the Script
🔗 Part 8: Shellcode as IP Addresses
🔗 Part 9: Shellcode as UUIDs
🔗 Part 10: Shellcode as MAC Addresses
🔗 Part 11: Jargon
🔗 Part 12: Jigsaw
🔗 Part 13: Calculating Offsets
🔗 Part 14: Further Research
#shellcode #obfuscation #clang #maldev
🔥20❤5😱1