Category: Malware Dev

Using GetDelegateForFunctionPointer to execute Win32 API’s from memory in Powershell.

Executing DLL’s from memory.

Injecting DLL’s into remote processes.

Writing stagers to interact with foreign C2 frameworks.

Maintaining access to a target system.

Using password filters to intercept logon credentials.

Logging Keystrokes with SetWindowHookEx.

Attempting to use binary signature policies and arbitrary code guard to bypass userland hooks.

Supplying arbitrary PPID values to CreateProcess.

Encoding Shellcode for use within malware.

Hiding IAT entries to evade detection.

Using Nim to write some simple tools.