Native Function Static Map
A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.
# https://u5ksv.csb.app/
# https://github.com/EspressoCake/NativeFunctionStaticMap
#mapping #pinvoke #winapi #maldev
Unmanaged Code Execution with .NET Dynamic PInvoke
https://bohops.com/2022/04/02/unmanaged-code-execution-with-net-dynamic-pinvoke/
#edr #evasion #pinvoke #csharp #blog
⚔️ Remote Code Injection by Abusing CreateProcess and GetEnvironmentVariable
New method of injecting code into a remote process without using WriteProcessMemory.
CreateProcess:
https://www.x86matthew.com/view_post?id=proc_env_injection
GetEnvironmentVariable:
https://x-c3ll.github.io/posts/GetEnvironmentVariable-Process-Injection/
#maldev #process #inject #pinvoke #winapi
🛡 On Detection: Tactical to Functional
The goal of this series is to facilitate a conversation about the more technical aspects of attacks and how a deeper understanding at the more foundational levels helps to provide a better base to build assumptions from.
🔗 Part 1: Discovering API Function Usage through Source Code Review
🔗 Part 2: Operations
🔗 Part 3: Expanding the Function Call Graph
#maldev #pinvoke #winapi #detection #blueteam #ttp