[ snovvcrash, sn🥶vvcr💥sh ]
[#Tooling ⚔️] 🧵 (1/6) A thread of integrating #shellcode #fluctuation technique into DInjector: https://t.co/4VLQkuXO4q
Main credits to @mariuszbit, @_RastaMouse and @ShitSecure for their great tools and blogs which I heavily relied on here.
#redteam #maldev
https://github.com/snovvcrash/DInjector/blob/0ed4182035f9dcd15cf987519e5f1320f669e962/DInjector/Modules/CurrentThread.cs#L233-L458
[ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip] Such a tiny code snippet that can help you bypass some automatic sandbox detections ⏳
#maldev
[ snovvcrash, sn🥶vvcr💥sh ]
[#Tooling ⚔️] Updated my SharpBin2SelfInject gist with the recent H/Invoke technique by @dr4k0nia for a stealthier GetModuleHandle / GetProcAddress resolution and invocation 🥷🏻
https://t.co/JZd3YCXfPh
#maldev #dinvoke #hinvoke
https://gist.github.com/snovvcrash/30bd25b1a5a18d8bb7ce3bb8dc2bae37
[ CaptMeelo, Meelo ]
Got some time over the weekend to make a new post. Here you go.
#redteam #maldev #pentest
https://t.co/Qlyc6A7YEf
https://captmeelo.com/redteam/maldev/2022/10/17/independent-malware.html
[ CaptMeelo, Meelo ]
I made some experiments over the past few days and I wanted to share what I learned/observed.
#redteam #maldev #infosec
https://t.co/l1ANZbf6fg
https://captmeelo.com/redteam/maldev/2022/11/07/cloning-signing.html
[ CaptMeelo, Meelo ]
Here's the tool that I demoed during my #SANSHackFest talk. Let's make it better by filing any issues you identified and submitting PRs.
#redteam #maldev
https://t.co/KvCJzVwSxi
https://github.com/capt-meelo/laZzzy
[ snovvcrash, sn🥶vvcr💥sh ]
(1/2) Despite being busy on an RT engagement, I've also played with the NtCreateUserProcess PoC in C# and if you've troubles with spawning the proc, you wanna take a closer look at the attributeList.TotalLength value.
#maldev
[ _atsika, Atsika ]
I've just started a blog on #maldev and #redteaming. Nothing fancy yet, just me trying to see if I've understood correctly.
The first post is about a custom version of GetModuleHandle and GetProcAddress in #go.
Check it out:
https://blog.atsika.ninja/posts/custom_getmodulehandle_getprocaddress/
Forwarded from APT
Learn the process of crafting a personalized RDI/sRDI loader in C and ASM, incorporating code optimization to achieve full position independence.
https://blog.malicious.group/writing-your-own-rdi-srdi-loader-using-c-and-asm/
#maldev #reflective #dll #clang #asm
Malicious Group
Writing your own RDI /sRDI loader using C and ASM
In this post, I am going to show the readers how to write their own RDI/sRDI loader in C, and then show how to optimize the code to make it fully position independent.