Category: Malware Dev

Executing Shellcode from the address space of known good DLL’s.

Executing Shellcode using function callbacks.

Creating a C++ DLL to modify a target applications behaviour.

Ways of making payloads a little less suspicious.

Using user-mode APC functions to execute code in remote processes.

Writing sleep masks in x64 assembly.

Using GetDelegateForFunctionPointer to execute Win32 API’s from memory in Powershell.

Executing DLL’s from memory.

Injecting DLL’s into remote processes.

Writing stagers to interact with foreign C2 frameworks.

Maintaining access to a target system.

Using password filters to intercept logon credentials.