Shellcode Injection Techniques
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload.
https://github.com/plackyhacker/Shellcode-Injection-Techniques
#inject #shellcode #csharp
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload.
https://github.com/plackyhacker/Shellcode-Injection-Techniques
#inject #shellcode #csharp
GitHub
GitHub - plackyhacker/Shellcode-Injection-Techniques: A collection of C# shellcode injection techniques. All techniques use an…
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some ...
This media is not supported in your browser
VIEW IN TELEGRAM
jq + grep + fzf + curl = SharpCollection
https://github.com/Flangvik/SharpCollection
https://github.com/Flangvik/SharpCollection
alias SharpCollection='print -z `curl -sSL "https://api.github.com/repos/Flangvik/SharpCollection/git/trees/master?recursive=1" | jq -r ".tree[].path" | grep \\.exe | while read line; do echo "curl -sSL https://github.com/Flangvik/SharpCollection/raw/master/$line >"; done | fzf --tac`'#csharp #collection #tooling
RemoteNET
This library lets you examine, create and interact with remote objects in other .NET processes.
It's like System.Runtime.Remoting except the other app doesn't need to be compiled (or consent) to support it.
Basically this library lets you mess with objects of any other .NET app without asking for permissions
https://github.com/theXappy/RemoteNET
#csharp #injection #pentest
This library lets you examine, create and interact with remote objects in other .NET processes.
It's like System.Runtime.Remoting except the other app doesn't need to be compiled (or consent) to support it.
Basically this library lets you mess with objects of any other .NET app without asking for permissions
https://github.com/theXappy/RemoteNET
#csharp #injection #pentest
GitHub
GitHub - theXappy/RemoteNET: Examine, create and interact with remote objects in other .NET processes.
Examine, create and interact with remote objects in other .NET processes. - theXappy/RemoteNET
EDR Parallel-asis through Analysis
New method for enumerating Syscalls numbers using the Parallel loader
Research:
https://www.mdsec.co.uk/2022/01/edr-parallel-asis-through-analysis/
C++ Code Snipped:
https://github.com/mdsecactivebreach/ParallelSyscalls
C# Code Snipped:
https://github.com/cube0x0/ParallelSyscalls
#edr #evasion #parallel #csharp
New method for enumerating Syscalls numbers using the Parallel loader
Research:
https://www.mdsec.co.uk/2022/01/edr-parallel-asis-through-analysis/
C++ Code Snipped:
https://github.com/mdsecactivebreach/ParallelSyscalls
C# Code Snipped:
https://github.com/cube0x0/ParallelSyscalls
#edr #evasion #parallel #csharp
Process Ghosting
This article describes a new executable image tampering attack similar to, but distinct from, Doppelgänging and Herpaderping. With this technique, an attacker can write a piece of malware to disk in such a way that it’s difficult to scan or delete it — and where it then executes the deleted malware as though it were a regular file on disk. This technique does not involve code injection, process hollowing, or Transactional NTFS (TxF).
Research:
https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack
C# Code Snippet:
https://github.com/Wra7h/SharpGhosting
#edr #evasion #process #ghosting #csharp
This article describes a new executable image tampering attack similar to, but distinct from, Doppelgänging and Herpaderping. With this technique, an attacker can write a piece of malware to disk in such a way that it’s difficult to scan or delete it — and where it then executes the deleted malware as though it were a regular file on disk. This technique does not involve code injection, process hollowing, or Transactional NTFS (TxF).
Research:
https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack
C# Code Snippet:
https://github.com/Wra7h/SharpGhosting
#edr #evasion #process #ghosting #csharp
🔥3
APT
Process Ghosting This article describes a new executable image tampering attack similar to, but distinct from, Doppelgänging and Herpaderping. With this technique, an attacker can write a piece of malware to disk in such a way that it’s difficult to scan…
EDRChecker
Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
C#
https://github.com/PwnDexter/SharpEDRChecker
PowerShell
https://github.com/PwnDexter/Invoke-EDRChecker
#edr #checker #csharp #powershell #tools
Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
C#
https://github.com/PwnDexter/SharpEDRChecker
PowerShell
https://github.com/PwnDexter/Invoke-EDRChecker
#edr #checker #csharp #powershell #tools
Unmanaged Code Execution with .NET Dynamic PInvoke
https://bohops.com/2022/04/02/unmanaged-code-execution-with-net-dynamic-pinvoke/
#edr #evasion #pinvoke #csharp #blog
https://bohops.com/2022/04/02/unmanaged-code-execution-with-net-dynamic-pinvoke/
#edr #evasion #pinvoke #csharp #blog
bohops
Unmanaged Code Execution with .NET Dynamic PInvoke
Yes, you read that correctly – “Dynamic Pinvoke” as in “Dynamic Platform Invoke” Background Recently, I was browsing through Microsoft documentation and other blogs to…
This media is not supported in your browser
VIEW IN TELEGRAM
🐞 Malware Development for Dummies
In the age of EDR, red team operators cannot get away with using pre-compiled payloads anymore. As such, malware development is becoming a vital skill for any operator. Getting started with maldev may seem daunting, but is actually very easy. This workshop will show you all you need to get started!
Slides:
https://github.com/chvancooten/maldev-for-dummies/tree/main/Slides
Exercises:
https://github.com/chvancooten/maldev-for-dummies/tree/main/Exercises
#maldev #csharp #nim
In the age of EDR, red team operators cannot get away with using pre-compiled payloads anymore. As such, malware development is becoming a vital skill for any operator. Getting started with maldev may seem daunting, but is actually very easy. This workshop will show you all you need to get started!
Slides:
https://github.com/chvancooten/maldev-for-dummies/tree/main/Slides
Exercises:
https://github.com/chvancooten/maldev-for-dummies/tree/main/Exercises
#maldev #csharp #nim
👍4
🛠 DynamicSyscalls
This is a library written in .net resolves the syscalls dynamically (Has nothing to do with hooking/unhooking).
https://github.com/Shrfnt77/DynamicSyscalls
#maldev #csharp #syscall #library
This is a library written in .net resolves the syscalls dynamically (Has nothing to do with hooking/unhooking).
https://github.com/Shrfnt77/DynamicSyscalls
#maldev #csharp #syscall #library
GitHub
GitHub - Shrfnt77/DynamicSyscalls: DynamicSyscalls is a library written in .net resolves the syscalls dynamically (Has nothing…
DynamicSyscalls is a library written in .net resolves the syscalls dynamically (Has nothing to do with hooking/unhooking) - Shrfnt77/DynamicSyscalls
👍2🔥1
🦾 SharpTerminatator
Terminate AV/EDR Processes using kernel driver. SharpTerminatator is a C# port of ZeroMemoryEx's art piece called Terminator. It can be used with Cobalt Strike's execute-assembly or as a standalone executable.
https://github.com/mertdas/SharpTerminator
#av #edr #cobaltstrike #csharp
Terminate AV/EDR Processes using kernel driver. SharpTerminatator is a C# port of ZeroMemoryEx's art piece called Terminator. It can be used with Cobalt Strike's execute-assembly or as a standalone executable.
https://github.com/mertdas/SharpTerminator
#av #edr #cobaltstrike #csharp
🔥3