
Evasion

Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations
Alternate Method Of Contacting IPV4
An Alternative Method To Enumerate Processes
Antivirus Artifacts III
AppLocker bypass by hash caching misuse
Binary Data Hiding in VB6 Executables
Bypassing LSA Protection in Userland
Bypassing PESieve and Moneta The easy way
Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams
Creating Processes By Using Undocumented COM APIs
Demonstrating API Hooking in Rust
Demonstrating Copying Data To A GPU - GpuMemoryAbuse
Dynamically Retrieving SYSCALLs - Hells Gate
Evading WinDefender ATP credential-theft a hit after a hit-and-miss start
Evil Model - Hiding Malware
Excel Macro Anti-Analysis Techniques
Gargoyle x64 - DeepSleep
Heresy's Gate - Kernel Zw/NTDLL Scraping + Work Out: Ring 0 to Ring 3 via Worker Factories
How to obfuscate strings using C++ constexpr, or how to do it correctly at compile time
Identifying Antivirus Software by enumerating Minifilter String Names
Invisible Sandbox Evasion - Check Point Research
Manipulating LastWriteTime without leaving traces in the NTFS USN Journal
Manual Implementation of BlockDLLs and ACG
NtdllPipe - Using cmd.exe to retrieve a clean version of ntdll.dll
Programmatically Hiding Windows Snapshots
Reload Executable Files to Achieve Efficient Inline-Hook
Resolving System Service Numbers using the Exception Directory
Saruman Antiforensics Executable Injector
Sleep Obfuscation - Ekko
The Fake Entry Point Trick
The Ultimate Anti-Debugging Reference
Using UPX as a Security Packer

Process Injection

Callback Injection via EnumChildWindows
Callback Injection via EnumDateFormatsA
Callback Injection via EnumDesktopW
Callback Injection via EnumDesktopWindows
Callback Injection via EnumSystemCodePagesA
Callback Injection via EnumSystemCodePagesW
Callback Injection via EnumSystemGeoID
Callback Injection via EnumSystemLanguageGroupsA
Callback Injection via EnumSystemLocalesA
Callback Injection via EnumThreadWindows
Callback Injection via EnumUILanguagesA
Callback Injection via EnumWindows
CreateRemoteThread Process Injection
Ctrl-Inject Demonstration 1
Ctrl-Inject Demonstration 2
Ctrl-Inject
Demonstrating ATOM Bombing
Demonstrating Process Injection in Rust - Rusty Memory LoadLibrary
Demonstrating Reflective DLL Loading - KaynLdr
From Process Injection to Function Hijacking
GetEnvironmentVariable As Alternative to WriteProccessMemory in Process Injections
Ghostwrite Demonstration
Hunting for Ghosts in Fileless Attacks
Implementing Global Injection and Hooking in Windows
KCTHIJACK - KernelCallbackTable Hijack
Masking Malicious Memory Artifacts Part 1 – Phantom DLL Hollowing
NINA - x64 Process Injection
Nls Code Injection Through The Registry
Notes on RtlCloneUserProcess
PE Injection Demonstration 1
PE Injection Demonstration 2
PE Injection Explained Advanced memory code injection technique
PE Injection: Executing PEs inside Remote Processes
Process Doppelgänging POC
Process HerpaDerping
Process Injection Techniques - Gotta Catch Them All
Process Injection Techniques and Detection using the Volatility Framework
Process Injection Techniques used by Malware
Process Injection Techniques
Process Injection via Component Object Model (COM) IRundown-DoCallback()
Process Overwriting - yet another variant
Process-Hollowing Example
ReflectiveDLLInjection Example
Remote Library Injection
SetThreadContextInjection Example
SetWindowsHookExInjection Example
The ExtraWindowInject Process Injection Technique
The state of advanced code injections
UserApcInject Example
Weaponize GhostWriting Injection Code Injection Series Part 5
Weaponizing Mapping Injection With instrumentation Callback

System Components and Abuse

A blueprint for evading industry leading endpoint protection in 2022
About XLL Phishing
Abusing the Windows Power Management API
An alternate way to execute a binary - NtQueryInformationProcess and the AeDebugProtected key
Azure Outlook C2
Backstab - Demonstrating how to kill EDR protected processes
Cmd Hijack - A Command/Argument Confusion with Path Traversal
Crashing Windows by Abusing NtRaiseHardError
Create Microsoft-Signed Phishing Documents
Demonstrating How to Dump Chrome Passwords
Demonstrating Keylogging Using NtUserGetRawInputDataKeylogger
Demonstrating USB Propagation
Design issues of modern EDRs bypassing ETW-based solutions
Detecting Manual Syscalls from User Mode
Digging into PssCaptureSnapshot for LSASS Dumping
Dumping LSASS - MiniDumpWriteDump to Disk
Dumping LSASS - MiniDumpWriteDump to Memory using MiniDump Callbacks
Dumping passwords using KRShowKeyMgr
Exercising the Firewall using C++
Exfiltrating Data from Outlook Demonstration
FveApiDLL Abuse Demonstration
GetRawInputData Keylogger Demonstration
Hooks-On Hoot-Off Vitaminizing MiniDump
How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code
How to use Trend Micro's Rootkit Remover to Install a Rootkit
Ipv4Fuscation Demonstration
Knock Knock The postman is here (abusing Mailslots and PortKnocking for connectionless shells)
LogNT32 - Part 2 - Return-address hijacking implemented to improve efficiency
Make phishing great again-VSTO office files are the new macro nightmare
Malicious XLL Demonstration
Malicious ZIP Demonstration
MiniDumpWriteDump and PssCaptureSnapshot
NTSockets - Downloading a file via HTTP using the NtCreateFile
Offensive Windows IPC Internals 1 Named Pipes
Offensive Windows IPC Internals 2 RPC
Playing Around COM Objects - Part 1
Programmatically Deleting Shadow Volumes - Xaoc
Programmatically Modifying Boot Configurations - BCDEdit
Programmatically Stopping Windows Defender
Reading, Writing, and Executing A File WITHOUT A File Path - yarhLoader
Red Canary - Antimalware Scan Interface (AMSI)
Shellcode - Recycling Compression Algorithms for the Z80, 8088, 6502, 8086 and 68K Architectures
Spawning IE on Windows 11
Stealing Process Tokens POC
Symantec Endpoint Protection Meets COM - Using Symantec.SSHelper As A LOLBIN
The magic behind wlrmdrexe
The worst of the two worlds - Excel meets Outlook
Token Manipulation in Rust Demonstration
Trololololobin and other lolololocoasters
UACMe
Unmanaged Code Execution with .NET Dynamic PInvoke
Using DropBox As A C2
Weaponizing Windows Virtualization
wlrmdr.exe LOLBIN