Logo Dark Logo Light Logo
  • Home
  • Cheat-Sheets
    • Windows Priv-Esc
    • Linux Priv-Esc
    • Service Enumeration
  • About Me
  • Contact
Mobile logo
  • Home
  • Cheat-Sheets
    • Windows Priv-Esc
    • Linux Priv-Esc
    • Service Enumeration
  • About Me
  • Contact
Oct 14 2020

Alaris | A Protective Loader

by Joshua
2 Comments
in assembly, C++, Defender Bypass, EDR Bypass, Shellcode Loader, syscalls

To date, we've reviewed techniques such as shellcode loading and encryption, circumventing detection, and building in our own syscalls. Today, I'm releasing Alaris, a new shellcode loader that will utilize many of the previous techniques discussed within this blog as well as add a few new...

Read more
6
Apr 13 2020

Process Injection Part 2 | QueueUserAPC()

by Joshua
4 Comments
in assembly, AV Bypass, Code Execution, Process Injection, Shellcode, syscalls, Sysmon, System Calls

Low Level Process Injection using QueueUserAPC() via direct x86 asm syscalls to bypass AV, EDR, and Sysmon....

Read more
1
Apr 08 2020

Process Injection Part 1 | CreateRemoteThread()

by Joshua
6 Comments
in assembly, C++, Process Injection, syscalls, Sysmon, System Calls

Process Injection using Direct Syscalls and CreateRemoteThread...

Read more
4