Process injection
Covers these:
#malware_dev
Covers these:
Techniques that i will cover here:https://github.com/MahmoudZohdy/Process-Injection-Techniques/tree/main
[x] Inject Dll in remtote process using CreateRemoteThread API.
[x] Inject Dll in remtote process using SetWindowsHookExW API.
[x] Inject ShellCode in remtote process using CreateRemoteThread API.
[x] Inject ShellCode in remote process using QueueUserAPC API.
[x] Inject ShellCode in remote process using Early Bird Technique.
[x] Inject ShellCode in remote process using TLS CallBack Technique.
[x] Inject using Thread execution hijacking.
[x] Inject Dll in remtote process using Reflective DLL injection.
[x] inject using Process Hollowing.
[x] inject using Process Doppelganging.
[ ] inject using Atom Bombing.
[x] inject using Process Ghosting.
[x] inject and persist using Image File Execution Options.
[x] inject using using AppInit_DLLs Registry.
[x] inject using using AppCertDlls Registry.
#malware_dev
❤🔥1
Northsec:
Advanced process injection
https://www.youtube.com/live/pgaGpH2dYFc?si=AO8C8i-Xm9DDSF7F
#malware_dev , #process_injection
Advanced process injection
https://www.youtube.com/live/pgaGpH2dYFc?si=AO8C8i-Xm9DDSF7F
#malware_dev , #process_injection
YouTube
Advanced Process Injection Techniques
"Advanced Process Injection Techniques" is a hands-on workshop focused on providing candidates insights about the APT tactics & techniques on the privilege escalation & persistence phase. This workshop is a quick deep-dive into the Microsoft windows world…
Black hat: process injection techniques - Gotta catch them all
https://youtu.be/xewv122qxnk?si=MvVaE9RLQCPQ67wn
#malware_analysis , #malware_dev , #process_injection
https://youtu.be/xewv122qxnk?si=MvVaE9RLQCPQ67wn
#malware_analysis , #malware_dev , #process_injection
YouTube
Process Injection Techniques - Gotta Catch Them All
In this presentation, we provide the most comprehensive to-date "Windows process injection" collection of techniques - the first time such resource is available, that really covers all (or almost all) true injection techniques. We focus on Windows 10 x64…
👍1
decoded PowerShell noscript that perform C2 connection. The noscript decodes and executes commands received from a C2 server by using R64Decoder Function.
credit : @whichbuffer
this tool was used by an APT to target @bellingcat
https://gist.github.com/whichbuffer/22621545f9f5a1d946affd34f6659e64
#c2 , #powershell , #tool
credit : @whichbuffer
https://gist.github.com/whichbuffer/22621545f9f5a1d946affd34f6659e64
#c2 , #powershell , #tool
❤🔥2
Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases
trendmicro.com/en_us/researc…
#AsyncRAT , #code_injection , #analysis
trendmicro.com/en_us/researc…
#AsyncRAT , #code_injection , #analysis
👍4
Needles Without The Thread: Threadless Process Injection
https://m.youtube.com/watch?si=UlFxll8AwTtMM0Cz&v=z8GIjk0rfbI&feature=youtu.be
Credit : @_EthicalChaos_
#thread , #process_injection
https://m.youtube.com/watch?si=UlFxll8AwTtMM0Cz&v=z8GIjk0rfbI&feature=youtu.be
Credit : @_EthicalChaos_
#thread , #process_injection
How GitLab's Red Team automates C2 testing
Credit: @eip_4141
https://about.gitlab.com/blog/2023/11/28/how-gitlabs-red-team-automates-c2-testing/
#c2 ,
Credit: @eip_4141
https://about.gitlab.com/blog/2023/11/28/how-gitlabs-red-team-automates-c2-testing/
#c2 ,
Using Office VBA Macro to exploit a vulnerable driver (zam64.sys) using DeviceIoControl, to get NTAUTHORITY\SYSTEM
TL;DR - Ring 0 using Office Doc}
Credit: @0xDISREL
https://disrel.com/posts/Ring0VBA-Getting-Ring0-Using-a-Goddamn-Word-Document/
#driver , #exploitation, #VBA
TL;DR - Ring 0 using Office Doc}
Credit: @0xDISREL
https://disrel.com/posts/Ring0VBA-Getting-Ring0-Using-a-Goddamn-Word-Document/
#driver , #exploitation, #VBA
HexBuddy-Leaked-Courses-Backup.txt
6.2 KB
Here is a list of update courses from various telegram channels gathered by our friend HexBuddy
Source Byte
decoded PowerShell noscript that perform C2 connection. The noscript decodes and executes commands received from a C2 server by using R64Decoder Function. credit : @whichbuffer this tool was used by an APT to target @bellingcat https://gist.github.com/…
Someone post it on Twitter and got 5k views and 90 likes while you don't even share post to others 👀
Source Byte pinned «Using Office VBA Macro to exploit a vulnerable driver (zam64.sys) using DeviceIoControl, to get NTAUTHORITY\SYSTEM TL;DR - Ring 0 using Office Doc} Credit: @0xDISREL https://disrel.com/posts/Ring0VBA-Getting-Ring0-Using-a-Goddamn-Word-Document/ #driver…»
Writing a simple 16 bit VM in less than 125 lines of C
https://andreinc.net/2021/12/01/writing-a-simple-vm-in-less-than-125-lines-of-c
#VM
https://andreinc.net/2021/12/01/writing-a-simple-vm-in-less-than-125-lines-of-c
#VM
creating a Rootkit to Learn C
credit : @h0mbre_
https://h0mbre.github.io/Learn-C-By-Creating-A-Rootkit/#
#rootkit ,
credit : @h0mbre_
https://h0mbre.github.io/Learn-C-By-Creating-A-Rootkit/#
#rootkit ,
🔥1
Reminder that creating a memory dump of Outlook.exe not only produces access tokens but also potentially sensitive email content.
Stealing Access Tokens From Office Desktop Applications :
https://mrd0x.com/stealing-tokens-from-office-applications/
credit : @mrd0x
#memory_dump ,
Stealing Access Tokens From Office Desktop Applications :
https://mrd0x.com/stealing-tokens-from-office-applications/
credit : @mrd0x
#memory_dump ,