Source Byte
"Sober must be the one who would shun love; this nature of mine does not mix with reason." (Saadi Shirazi)
Someone posted it on Twitter and got 5k views and 90 likes, while you don't even share the post with others 👀
Here is a list of updated courses from various Telegram channels, gathered by our friend HexBuddy.
Using Office VBA Macro to exploit a vulnerable driver (zam64.sys) using DeviceIoControl, to get NTAUTHORITY\SYSTEM
TL;DR - Ring 0 using an Office doc
Credit: @0xDISREL
https://disrel.com/posts/Ring0VBA-Getting-Ring0-Using-a-Goddamn-Word-Document/
#driver, #exploitation, #VBA
How GitLab's Red Team automates C2 testing
Credit: @eip_4141
https://about.gitlab.com/blog/2023/11/28/how-gitlabs-red-team-automates-c2-testing/
#c2
Needles Without The Thread: Threadless Process Injection
https://m.youtube.com/watch?si=UlFxll8AwTtMM0Cz&v=z8GIjk0rfbI&feature=youtu.be
Credit: @0xclient
#thread, #process_injection
Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases trendmicro.com/en_us/researc…
#AsyncRAT, #code_injection, #analysis
Decoded PowerShell script that performs the C2 connection. The script decodes and executes commands received from a C2 server using the R64Decoder function.
This tool was used by an APT to target @bellingcat.
https://gist.github.com/whichbuffer/22621545f9f5a1d946affd34f6659e64
#c2, #powershell, #tool
ROOTCON Media Server
“/ROOTCON 16/Talks/”
https://media.rootcon.org/ROOTCON%2016/Talks/
#malware_dev
Black Hat: Process Injection Techniques - Gotta Catch Them All
https://youtu.be/xewv122qxnk?si=MvVaE9RLQCPQ67wn
#malware_analysis
#malware_dev
Ali
Techniques that I will cover here:
[x] Inject a DLL into a remote process using the CreateRemoteThread API
[x] Inject a DLL into a remote process using the SetWindowsHookExW API
[x] Inject shellcode into a remote process using the CreateRemoteThread API
[x] Inject shellcode into a remote process using the QueueUserAPC API
[x] Inject shellcode into a remote process using the Early Bird technique
[x] Inject shellcode into a remote process using the TLS callback technique
[x] Inject using thread execution hijacking
[x] Inject a DLL into a remote process using reflective DLL injection
[x] Inject using Process Hollowing
[x] Inject using Process Doppelganging
[ ] Inject using Atom Bombing
[x] Inject using Process Ghosting
[x] Inject and persist using Image File Execution Options
[x] Inject using the AppInit_DLLs registry key
[x] Inject using the AppCertDlls registry key
https://github.com/MahmoudZohdy/Process-Injection-Techniques/tree/main
#malware_dev
MITRE:
Process Injection sub-techniques (12)
https://attack.mitre.org/techniques/T1055/
#malware_dev
Ten process injection techniques:
https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
#malware_dev