Executing Shellcode using function callbacks.
Category: Malware Dev
Inline Function Hooking
Creating a C++ DLL to modify a target application's behaviour.
Disguising Client Side Payloads
Ways of making payloads a little less suspicious.
User Mode APC Queue Injection
Using user-mode APC functions to execute code in remote processes.
Sleep Masks
Writing sleep masks in x64 assembly.
Offensive PowerShell
Using GetDelegateForFunctionPointer to execute Win32 APIs from memory in PowerShell.
Reflective DLL Injection
Executing DLLs from memory.
DLL Injection
Injecting DLLs into remote processes.
Interacting with Foreign Handlers
Writing stagers to interact with foreign C2 frameworks.
Persistence Mechanisms
Maintaining access to a target system.
Password Filters
Using password filters to intercept logon credentials.
Keystroke Logging
Logging keystrokes with SetWindowsHookEx.
Process Mitigation Policies & ACG
Attempting to use binary signature policies and arbitrary code guard to bypass userland hooks.
Parent Process ID Spoofing
Supplying arbitrary PPID values to CreateProcess.
Shellcode Obfuscation
Encoding Shellcode for use within malware.
Import Address Tables
Hiding IAT entries to evade detection.
Malicious Nim Code
Using Nim to write some simple tools.
System Call Execution
Writing a process injection tool using direct system calls.