Nim on the Attack
Process Injection Using Nim and the Windows API
https://huskyhacks.dev/2021/07/17/nim-exploit-dev/
#redteam #winapi #injection #nim
Process Injection Using Nim and the Windows API
https://huskyhacks.dev/2021/07/17/nim-exploit-dev/
#redteam #winapi #injection #nim
Clipboard Shellcode Injection
https://gist.github.com/leftp/d89ddc4651a828333d9c0ca5681d1fc8
#clipboard #shellcode #injection #redteam #maldev
https://gist.github.com/leftp/d89ddc4651a828333d9c0ca5681d1fc8
#clipboard #shellcode #injection #redteam #maldev
Alternative Process Injection
Process injection is a well-known defense evasion technique that has been used for decades to execute malicious code in a legitimate process. Until now, it is still a common technique used by hackers/red teamers.
https://www.netero1010-securitylab.com/eavsion/alternative-process-injection
#process #injection #maldev
Process injection is a well-known defense evasion technique that has been used for decades to execute malicious code in a legitimate process. Until now, it is still a common technique used by hackers/red teamers.
https://www.netero1010-securitylab.com/eavsion/alternative-process-injection
#process #injection #maldev
Decoding PDF Injection
This article talks about PDF injection from scratch to the execution of XSS and SSRF via PDF injection.
https://medium.com/@urshilaravindran/pdf-injection-in-simple-words-8c399f92593c
#pdf #xss #ssrf #injection
This article talks about PDF injection from scratch to the execution of XSS and SSRF via PDF injection.
https://medium.com/@urshilaravindran/pdf-injection-in-simple-words-8c399f92593c
#pdf #xss #ssrf #injection
Medium
Decoding PDF Injection
PDF injection was listed down in the top 10 web application hacking techniques of 2020 and still it appears to be one of the most…
Process Injection via KernelCallBackTable
Process injection via the KernelCallBackTable involves replacing original callback function by custom payload so that whenever the function is invoked, payload will be triggered. In this case the fnCOPYDATA callback function has been used.
C# Code Snippet:
https://gist.github.com/sbasu7241/5dd8c278762c6305b4b2009d44d60c13
#edr #evasion #dll #injection #kernelcallbacktable
Process injection via the KernelCallBackTable involves replacing original callback function by custom payload so that whenever the function is invoked, payload will be triggered. In this case the fnCOPYDATA callback function has been used.
C# Code Snippet:
https://gist.github.com/sbasu7241/5dd8c278762c6305b4b2009d44d60c13
#edr #evasion #dll #injection #kernelcallbacktable
👍2
RemoteNET
This library lets you examine, create and interact with remote objects in other .NET processes.
It's like System.Runtime.Remoting except the other app doesn't need to be compiled (or consent) to support it.
Basically this library lets you mess with objects of any other .NET app without asking for permissions
https://github.com/theXappy/RemoteNET
#csharp #injection #pentest
This library lets you examine, create and interact with remote objects in other .NET processes.
It's like System.Runtime.Remoting except the other app doesn't need to be compiled (or consent) to support it.
Basically this library lets you mess with objects of any other .NET app without asking for permissions
https://github.com/theXappy/RemoteNET
#csharp #injection #pentest
GitHub
GitHub - theXappy/RemoteNET: Examine, create and interact with remote objects in other .NET processes.
Examine, create and interact with remote objects in other .NET processes. - theXappy/RemoteNET
This media is not supported in your browser
VIEW IN TELEGRAM
KernelCallbackTable Injection
KernelCallbackTable which could be abused to inject shellcode in a remote process. This method of process injection was used by FinFisher/FinSpy and Lazarus.
https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
#edr #bypass #injection #cpp #maldev
KernelCallbackTable which could be abused to inject shellcode in a remote process. This method of process injection was used by FinFisher/FinSpy and Lazarus.
https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
#edr #bypass #injection #cpp #maldev
😡 Brute-Ratel-C4-Community-Kit
This repository contains scripts, configurations and deprecated payload loaders for Brute Ratel C4. Anything which is added in the deprecated folder will not be a part of the latest release of BRc4.
https://github.com/paranoidninja/Brute-Ratel-C4-Community-Kit
#c2 #bof #shellcode #injection
This repository contains scripts, configurations and deprecated payload loaders for Brute Ratel C4. Anything which is added in the deprecated folder will not be a part of the latest release of BRc4.
https://github.com/paranoidninja/Brute-Ratel-C4-Community-Kit
#c2 #bof #shellcode #injection
GitHub
GitHub - paranoidninja/Brute-Ratel-C4-Community-Kit: This repository contains scripts, configurations and deprecated payload loaders…
This repository contains scripts, configurations and deprecated payload loaders for Brute Ratel C4 (https://bruteratel.com/) - paranoidninja/Brute-Ratel-C4-Community-Kit
This media is not supported in your browser
VIEW IN TELEGRAM
💉ClipboardInject
Abusing the clipboard to inject code into remote processes
This PoC uses the clipboard to copy a payload into a remote process, eliminating the need for
#maldev #injection #clipboard #redteam
Abusing the clipboard to inject code into remote processes
This PoC uses the clipboard to copy a payload into a remote process, eliminating the need for
VirtualAllocEx/WriteProcessMemory
https://www.x86matthew.com/view_post?id=clipboard_inject#maldev #injection #clipboard #redteam
👍9
💉 Dirty Vanity — A New Approach to Code injection & EDR bypass
A POC for the new injection technique, abusing windows fork API to evade EDRs.
Source:
https://github.com/deepinstinct/Dirty-Vanity
Research:
https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Nissan-DirtyVanity.pdf
#av #edr #bypass #injection #fork #api
A POC for the new injection technique, abusing windows fork API to evade EDRs.
Source:
https://github.com/deepinstinct/Dirty-Vanity
Research:
https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Nissan-DirtyVanity.pdf
#av #edr #bypass #injection #fork #api
GitHub
GitHub - deepinstinct/Dirty-Vanity: A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www…
A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass...
👍6❤1
🧪 NtQueueApcThreadEx — NTDLL Gadget Injection
This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.
Source:
https://github.com/LloydLabs/ntqueueapcthreadex-ntdll-gadget-injection
#apc #ntdll #injection #clang #redteam
This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.
Source:
https://github.com/LloydLabs/ntqueueapcthreadex-ntdll-gadget-injection
#apc #ntdll #injection #clang #redteam
🔥5👍1