Source Byte

"Whoever wishes to stay sober must keep away from love; the nature that I have does not mix with reason." Saadi Shirazi

7,851 subscribers

Post archive
Unorthodox and stealthy way to inject a DLL into the explorer using icons [ GitHub ] @source_byte #malware_dev #windows

Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)

Repost from 1N73LL1G3NC3
TrollUAC
• .NET library that serves as a UAC bypass for x64
• Any* process with the uiAccess flag enabled can "Send Keystrokes" to high integrity processes even from medium integrity
• We steal the token of On Screen Keyboard (uiAccess enabled) to spawn a new process that does GUI automation
• The GUI automation simply sends keystrokes to taskmgr (auto elevate) to spawn our new desired process in high integrity
• *Refer to tiraniddo's article for requirements, although they can easily be conjured up

Golang Virus Example
ExfilDocs: Searches drive for specific file extensions. Uploads files to C2 via SSH.
Outlook Exfil: Asks for Outlook credentials. Authenticates via IMAP, searches attachments and uploads files to C2 via SSH. TO DO: Fix Windows compilation.
Screen Shotter: Uploads a screenshot every 20 seconds to C2 via SSH.
Dropper: Hosts 3 files, downloads them from itself, then executes them.
[ GitHub ]
Process Injection Techniques with Golang [ GitHub ]
Proof of concept SMB C2 using named pipes in Golang [ GitHub ]
DLL creation and injection with Golang [ Medium ]
ColdFire II (Golang malware development library) [ GitHub ]
A POC Windows crypto-ransomware (Academic). Now Ransom:Win32/MauriCrypt.MK!MTB [ GitHub ]
Windows Botnet written in Golang [ GitHub ]
@source_byte #malware_dev #go


Repost from N/a
DEF CON 29 Workshop Ben Kurtz Writing Golang Malwar.pdf

#Tutorial #Unpacking #Persian An unpacking training collection in Persian from my good old friend Amir Gooran (256 pages). For unpacking you need solid knowledge of file structure, reverse engineering, static and dynamic analysis, and programming. What you see here is for general familiarization; you need to keep practising to go further, and without the prerequisite knowledge you will make no progress in this area. You can download the Unpack Me files from the Tuts4you site and practise on them. Password: @securebyte https://t.me/joinchat/8IAKs9HaoGU2NmE0

Cloud-Based Identity to Exfiltration Attack Part2 Today, I would like to showcase some detection insights regarding attacks, starting from cloud-based identity attacks and extending to compromised Office 365 environment. https://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder/Day16-CloudId-Exfiltration-AttackReport-Part2.md

Cloud-Based Identity to Exfiltration Attack Part1 As I've divided this blog into two parts, this part focuses on Part 1, examining cloud-based identity attacks leading to successful logins to Outlook activities. https://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder/Day16-CloudId-Exfiltration-AttackReport-Part1.md

Repost from white2hack 📚
System32 Important Files by Hadess, 2024 #windows

Repost from Offensive Xwitter
😈 [ eversinc33 🩸🗡️ @eversinc33 ] If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB. 🐥 [ tweet ] *funny flame war in the thread*

Active Directory Enumeration for Red Teams. In this post, we will explore how defenders can monitor for suspicious LDAP activity, as well as operational security approaches for red teams conducting LDAP reconnaissance. Credits: Dominic Chell https://www.mdsec.co.uk/2024/02/active-directory-enumeration-for-red-teams/ You should not miss this blog :)

RTO - Malware Development Advanced Vol. 1.zip (1498.93 MB)

One of the subscribers shared a new course from Sektor7 and did not mind passing it on to everyone. This is already the third part on malware development: Malware Development Advanced Vol.1. The other Sector7 courses are also on the channel:
1. RTO: Malware Development Essentials
2. RTO: Windows Persistence
3. RTO: Privilege Escalation in Windows
4. RTO: Malware Development Intermediate
5. RTO: Evasion Windows
#course #malware #redteam #pentest

Embedding encrypted payloads in resource section
- Payload placement: .rsrc section
- Adding a resource to our project
- Retrieving payload contents
- Locating resource
- Loading resource contents
- Obtain a pointer
- Decrypting the payload
- Execution
https://ry0dan.github.io/malware%20development/Malware-Development-Crafting-Digital-Chaos-03/ Credit: Motawkkel Abdulrhman #malware_dev

pspy is a command line tool designed to snoop on processes without the need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. https://github.com/DominicBreuker/pspy #tool

Source Byte - Telegram channel statistics and analytics @sourcebyte