Using DLL’s as a persistence mechanism.
Category: Malware Dev
LLVM Obfuscation
Setting up Obfuscator LLVM with Visual Studio 2022.
Encoding Shellcode as IP Addresses
Converting shellcode to look like a series of IP addresses.
Function Name Hashing
Replacing existing ROR13 function hash names in shellcode to evade signature based detection.
Module Stomping
Executing Shellcode from the address space of known good DLL’s.
Callback Shellcode Execution
Executing Shellcode using function callbacks.
Inline Function Hooking
Creating a C++ DLL to modify a target applications behaviour.
Disguising Client Side Payloads
Ways of making payloads a little less suspicious.
User Mode APC Queue Injection
Using user-mode APC functions to execute code in remote processes.
Sleep Masks
Writing sleep masks in x64 assembly.
Offensive PowerShell
Using GetDelegateForFunctionPointer to execute Win32 API’s from memory in Powershell.
Reflective DLL Injection
Executing DLL’s from memory.