Encoding Shellcode for use within malware.
Category: Malware Dev
Import Address Tables
Hiding IAT entries to evade detection.
Malicious Nim Code
Using Nim to write some simple tools.
System Call Execution
Writing a process injection tool using direct system calls.
ClickOnce Droppers
Creating a ClickOnce installer for phishing campaigns.
NT API Shellcode Execution
Process Injection using NtCreateSection and NtMapViewOfSection.
Access Token Manipulation
Assuming other users' identities by copying access tokens.
Shellcode Execution via Fibers
Using fibers instead of threads to run shellcode.
Process Argument Spoofing
Modifying the Process Environment Block for process argument spoofing.
Windows Defender Memory Scanning Evasion
Evading Windows Defender memory scanning.
Process Injection
CreateRemoteThread Process Injection in C#.
Unhooking Event Tracing for Windows
Bypassing ETW userland hooks.
Assembly.Load & AMSI
Bypassing AMSI when using Assembly.Load.
DNS Tunneling
Using the Domain Name System as a Command & Control mechanism.
ICMP Tunneling
Tunneling C2 messages in ICMP traffic.