Shellcode Obfuscation

Encoding Shellcode for use within malware.

Import Address Tables

Hiding IAT entries to evade detection.

Malicious Nim Code

Using Nim to write some simple tools.

System Call Execution

Writing a process injection tool using direct system calls.

ClickOnce Droppers

Creating a ClickOnce installer for phishing campaigns.

NT API Shellcode Execution

Process Injection using NtCreateSection and NtMapViewOfSection.

Access Token Manipulation

Assuming other users' identities by copying access tokens.

Shellcode Execution via Fibers

Using fibers instead of threads to run shellcode.

Process Argument Spoofing

Modifying the Process Environment Block for process argument spoofing.

Windows Defender Memory Scanning Evasion

Evading Windows Defender memory scanning.

Process Injection

CreateRemoteThread process injection in C#.

Unhooking Event Tracing for Windows

Bypassing ETW userland hooks.

Assembly.Load & AMSI

Bypassing AMSI when using Assembly.Load.

DNS Tunneling

Using the Domain Name System as a Command & Control mechanism.

ICMP Tunneling

Tunneling C2 messages in ICMP traffic.