[ snovvcrash, sn🥶vvcr💥sh ]
[#Tooling] 🧵 (1/6) A thread of integrating #shellcode #fluctuation technique into DInjector: https://t.co/4VLQkuXO4q
Main credits to @mariuszbit, @_RastaMouse and @ShitSecure for their great tools and blogs which I heavily relied on here.
#redteam #maldev
https://github.com/snovvcrash/DInjector/blob/0ed4182035f9dcd15cf987519e5f1320f669e962/DInjector/Modules/CurrentThread.cs#L233-L458
[ hasherezade, hasherezade ]
My new paper for @MBThreatIntel: "#JSSLoader - the #shellcode edition" : https://t.co/gzpnhlr6mf // #FIN7
https://malwarebytes.com/blog/threat-intelligence/2022/08/jssloader-the-shellcode-edition
[ Jiří Vinopal @vinopaljiri ]
Inspired by @0gtweet, I created PoC: EXE-or-DLL-or-ShellCode that can be:
Executed as a normal #exe
Loaded as #dll + export function can be invoked
Run via "rundll32.exe"
Executed as #shellcode right from the DOS (MZ) header that works as polyglot stub
https://github.com/Dump-GUY/EXE-or-DLL-or-ShellCode