Ares
This project is a PoC loader written in C/C++ based on the Transacted Hollowing technique. It features:
— PPID spoofing
— Dynamic function resolution with API hashing
— NTDLL unhooking
— AES256 CBC Encryption
— CIG to block non-Microsoft-signed binaries
https://github.com/Cerbersec/Ares
#edr #evasion #cpp
Malware Analysis: Syscalls
Great guide and overview about Syscalls and how to start diagnosing them.
https://jmpesp.me/malware-analysis-syscalls-example/
#maldev #cpp #syscall
RefleXXion
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.
https://github.com/hlldz/RefleXXion
#edr #evasion #cpp #redteam