LLVM Obfuscation

Setting up Obfuscator LLVM with Visual Studio 2022.

Encoding Shellcode as IP Addresses

Converting shellcode to look like a series of IP addresses.

Function Name Hashing

Replacing existing ROR13 function hash names in shellcode to evade signature based detection.

Module Stomping

Executing Shellcode from the address space of known good DLL’s.

Callback Shellcode Execution

Executing Shellcode using function callbacks.

Inline Function Hooking

Creating a C++ DLL to modify a target applications behaviour.

Disguising Client Side Payloads

Ways of making payloads a little less suspicious.

User Mode APC Queue Injection

Using user-mode APC functions to execute code in remote processes.

Sleep Masks

Writing sleep masks in x64 assembly.

Offensive PowerShell

Using GetDelegateForFunctionPointer to execute Win32 API’s from memory in Powershell.

Reflective DLL Injection

Executing DLL’s from memory.

DLL Injection

Injecting DLL’s into remote processes.