Category: Malware Dev

Malware Dev

User Mode APC Queue Injection

Using user-mode APC functions to execute code in remote processes.

Malware Dev

Sleep Masks

Writing sleep masks in x64 assembly.

Malware Dev

Offensive PowerShell

Using GetDelegateForFunctionPointer to execute Win32 API’s from memory in Powershell.

Malware Dev

Reflective DLL Injection

Executing DLL’s from memory.

Malware Dev

DLL Injection

Injecting DLL’s into remote processes.

Malware Dev

Interacting with Foreign Handlers

Writing stagers to interact with foreign C2 frameworks.

Malware Dev

Persistence Mechanisms

Maintaining access to a target system.

Malware Dev

Password Filters

Using password filters to intercept logon credentials.

Malware Dev

Keystroke Logging

Logging Keystrokes with SetWindowHookEx.

Malware Dev

Process Mitigation Policies & ACG

Attempting to use binary signature policies and arbitrary code guard to bypass userland hooks.

Malware Dev

Parent Process ID Spoofing

Supplying arbitrary PPID values to CreateProcess.

Malware Dev

Shellcode Obfuscation

Encoding Shellcode for use within malware.