😴 DeepSleep
A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
https://github.com/thefLink/DeepSleep
#memory #evasion #maldev
🔑 Extracting Credentials from Chrome Memory
An excellent study of how Chrome's memory works and how credentials, cookies, etc. can be extracted from it in plain text with low privileges.
https://www.cyberark.com/resources/threat-research-blog/extracting-clear-text-credentials-directly-from-chromium-s-memory
#chrome #memory #dump #creds
🦠 Mangle
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL). Mangle can remove known Indicators of Compromise (IoC) based strings and replace them with random characters, change the file by inflating the size to avoid EDRs, and can clone code-signing certs from legitimate files. In doing so, Mangle helps loaders evade on-disk and in-memory scanners.
https://github.com/optiv/Mangle
#av #edr #memory #evasion #redteam
🤖 DojoLoader — Generic PE Loader for Prototyping Evasion Techniques
This is a versatile PE loader designed for prototyping evasion techniques. It supports downloading and executing encrypted shellcode, dynamic IAT hooking, and three Sleep obfuscation methods. Ideal for use with UDRL-less Beacon payloads from Cobalt Strike.
🔗 Blog Post:
https://www.naksyn.com/cobalt%20strike/2024/07/02/raising-beacons-without-UDRLs-teaching-how-to-sleep.html
🔗 Source:
https://github.com/naksyn/DojoLoader
#cobaltstrike #udrl #memory #evasion