DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

Payload-Download-Cradles
Different types of download cradles, meant as inspiration to experiment with and build new cradles that evade AV/EPP/EDR download-cradle detections.

Create-Thread-Shellcode-Fetcher
This POC lets you compile an .exe that avoids static detection of your C2 shellcode by AV/EPP/EDR: the shellcode is not embedded in the binary but is downloaded at runtime from your (C2) web server and then executed.

Direct-Syscalls-vs-Indirect-Syscalls
Two code samples that show the difference between direct syscalls and indirect syscalls.

Direct-Syscalls-A-journey-from-high-to-low
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

Taskschedule-Persistence-Download-Cradles
Depending on the AV/EPP/EDR, creating a scheduled task with a default download cradle is often flagged.

DSC_SVC_REMOTE
This code example lets you build a malware.exe sample that runs in the context of a system service and could be used for local privilege escalation, for example via an unquoted service path. The payload itself can be hosted remotely, downloaded via the WinINet library and then executed via direct system calls.

AV-EPP-EDR-Windows-API-Hooking-List
A list of which Windows APIs are hooked, broken down by AV/EDR product.

Create_Thread_Inline_Assembly_x86
This POC executes x86 shellcode supplied as a .bin file, using x86 inline assembly.

C2-Traffic-Redirection
Different ways to redirect C2 traffic through a redirector instance to your C2 server.

Shell-we-Assembly
Shellcode execution via x86 inline assembly in MSVC syntax.

Conference-Slides

Create_Thread-Inline_Assembly_x86_Fibers
This POC executes x86 shellcode supplied as a .bin file, using x86 inline assembly and execution via fibers.

Mailfilter-and-Firewall-Check
Different attachment file types for checking which attachment types can be downloaded in your Windows environment.

ObfLoader
MAC, IPv4 and UUID shellcode loaders and obfuscators: the shellcode is obfuscated as MAC, IPv4 or UUID strings, converted back to its binary form with native APIs, and then loaded.

PRE-Pentest
Ways to gather information before preparing your malware.

Messagebox-Test

ProcessInjection
Code for an upcoming course on process injection techniques.
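The ObfLoader entry above describes shellcode stored as MAC, IPv4 or UUID strings and converted back to bytes with native APIs. The following is an added example, not code from ObfLoader or any repository listed here: it implements the three encodings and their inverses in pure Python so the scheme can be inspected offline. The sample bytes are a constructed seven-byte x64 stub (xor rax,rax; inc rax; ret), not real C2 shellcode, and padding with 0x90 NOPs is this example's own choice. On Windows the string-to-binary step is normally done with RtlEthernetStringToAddressA, RtlIpv4StringToAddressA and UuidFromStringA (the page itself does not name them); the byte-order rule shown for UUIDs applies to those routines as well.

```python
import uuid

# Constructed sample: xor rax, rax ; inc rax ; ret  (7 bytes, harmless, not real C2 shellcode)
SAMPLE_SHELLCODE = bytes.fromhex("4831c048ffc0c3")

# Pad byte used when the shellcode length is not a multiple of the chunk size.
# 0x90 is an x86/x64 NOP, so falling through into the padding is harmless
# (a convention chosen for this example, not mandated by the page).
PAD_BYTE = 0x90


def _chunks(data: bytes, size: int) -> list[bytes]:
    """Split data into fixed-size chunks, padding the last one with PAD_BYTE."""
    rem = len(data) % size
    if rem:
        data += bytes([PAD_BYTE]) * (size - rem)
    return [data[i:i + size] for i in range(0, len(data), size)]


# --- MAC: 6 bytes per string, "XX-XX-XX-XX-XX-XX" (the form RtlEthernetStringToAddressA parses) ---
def to_mac(shellcode: bytes) -> list[str]:
    return ["-".join(f"{b:02X}" for b in c) for c in _chunks(shellcode, 6)]


def from_mac(entries: list[str]) -> bytes:
    return b"".join(bytes.fromhex(e.replace("-", "")) for e in entries)


# --- IPv4: 4 bytes per string, dotted decimal without leading zeros ---
def to_ipv4(shellcode: bytes) -> list[str]:
    return [".".join(str(b) for b in c) for c in _chunks(shellcode, 4)]


def from_ipv4(entries: list[str]) -> bytes:
    return b"".join(bytes(int(octet) for octet in e.split(".")) for e in entries)


# --- UUID: 16 bytes per string ---
# A GUID struct in memory stores Data1/Data2/Data3 little-endian, so the string has
# to be built from the chunk in "bytes_le" order. Decoding the text form with the
# network-order layout instead (see uuid_naive_decode) byte-swaps the first 8 bytes
# of every chunk and silently corrupts the shellcode.
def to_uuid(shellcode: bytes) -> list[str]:
    return [str(uuid.UUID(bytes_le=c)) for c in _chunks(shellcode, 16)]


def from_uuid(entries: list[str]) -> bytes:
    return b"".join(uuid.UUID(e).bytes_le for e in entries)


def uuid_naive_decode(entries: list[str]) -> bytes:
    """The wrong way: RFC 4122 big-endian field order, not the in-memory GUID layout."""
    return b"".join(uuid.UUID(e).bytes for e in entries)


CODECS = {
    "mac": (to_mac, from_mac),
    "ipv4": (to_ipv4, from_ipv4),
    "uuid": (to_uuid, from_uuid),
}


def roundtrip(shellcode: bytes, fmt: str) -> bytes:
    """Encode, decode and return the recovered bytes (original followed by NOP padding)."""
    encode, decode = CODECS[fmt]
    recovered = decode(encode(shellcode))
    assert recovered.startswith(shellcode), f"{fmt}: payload corrupted"
    assert set(recovered[len(shellcode):]) <= {PAD_BYTE}, f"{fmt}: unexpected tail"
    return recovered


if __name__ == "__main__":
    for name, (encode, _) in CODECS.items():
        print(f"{name:5} {encode(SAMPLE_SHELLCODE)} -> {roundtrip(SAMPLE_SHELLCODE, name).hex()}")
```

The encoded strings are what an obfuscated loader would carry as an array of literals instead of a raw byte buffer; the decoded buffer is the original stub followed by NOP padding, which a loader can either execute through or trim using the known original length.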