Oct 14 2020

Alaris | A Protective Loader

by Joshua
2 Comments
in assembly, C++, Defender Bypass, EDR Bypass, Shellcode Loader, syscalls

To date, we've reviewed techniques such as shellcode loading and encryption, circumventing detection, and building in our own syscalls. Today, I'm releasing Alaris, a new shellcode loader that will utilize many of the previous techniques discussed within this blog as well as add a few new...

Apr 13 2020

Process Injection Part 2 | QueueUserAPC()

by Joshua
4 Comments
in assembly, AV Bypass, Code Execution, Process Injection, Shellcode, syscalls, Sysmon, System Calls

Low Level Process Injection using QueueUserAPC() via direct x86 asm syscalls to bypass AV, EDR, and Sysmon...

Apr 08 2020

Process Injection Part 1 | CreateRemoteThread()

by Joshua
6 Comments
in assembly, C++, Process Injection, syscalls, Sysmon, System Calls

Process Injection using Direct Syscalls and CreateRemoteThread...

Feb 08 2020

Hunting Onions – A Framework for Simple Darknet Analysis

by Joshua
0 Comments
in APT Emulation, darknet, deep web, onion, OSINT, Python, tor

A simple Python3 framework for obtaining, analyzing, and categorizing Onion Domains...

Nov 20 2019

Vulnserver KSTET Socket Re-use

by Joshua
0 Comments
in assembly, buffer overflow, OSCE, Python

In a previous post, Vulnserver KSTET Egg Hunter, we looked at how we can use an egghunter to obtain code execution within a larger chunk of memory. In this post, we will look at the KSTET Socket re-use WS2_32.dll recv() function and how we can...
