Discover cocomelonc/2022-08-16-malware-av-evasion-9 Open Source

Cybersecurity research results. Simple C/C++ and Python implementations

211

meow

154

ejpt

some eJPT exam preparation notes

Cybersecurity blog. Red Team, pentest, malware analysis and dev

cocomelonc.github.io

JavaScript

bsprishtina-2024-maldev-workshop

BSides Prishtina 2024 Malware Development and Persistence workshop

2022-06-05-malware-av-evasion-7

Malware AV evasion via disable Windows Defender (Registry). C++

Find kernel32 base and API addresses. Simple C++ implementation

2022-04-02-malware-injection-18

Vulnerabilities exploitation examples, python

vulnexipy

Run payload like a Lazarus Group (UuidFromStringA). C++ implementation

2022-07-21-malware-tricks-22

Code injection via ZwCreateSection, ZwUnmapViewOfSection. C++ example

2022-01-14-malware-injection-13

Process injection via KernelCallbackTable

2022-01-24-malware-injection-15

2022-06-27-malware-injection-20

Run shellcode via EnumDesktopsA. C++ implementation

Malware persistence via COM DLL hijacking. C++ implementation example

2022-05-02-malware-pers-3

Malware development: persistence - part 1: startup folder registry keys. C++ implementation

2022-04-20-malware-pers-1

AV engines evasion for C++ simple malware part 1 source code

2021-04-09-av-evasion-1-

Malware dev tricks: parent PID spoofing. C++ implementation

2022-09-06-malware-tricks-23

Classic DLL injection. Download dll from url and inject. Simple C++ implementation

2022-04-13-malware-injection-19

Malware dev. Run shellcode via EnumChildWindows. C++ implementation

2022-07-13-malware-injection-21

Code injection via memory sections (Zw) and ZwQueueApcThread. C++ malware example

2022-01-17-malware-injection-14

OFFZONE 2024 Malware Persistence workshop

offzone-2024-malware-persistence-workshop

2021-09-19-injection-1

C++ classic code injection example. Source code of my post

Windows persistence via screensavers. Simple C++ implementation

2022-04-26-malware-pers-2

AV evasions part 4. Trick with hide API calls via ordinals. Simple C++ example

2022-03-18-malware-av-evasion-4

Malware dev persistence part 10: via Image File Execution Options. C++ implementation

2022-09-10-malware-pers-10

Malware dev tricks. Syscalls part 1. Simple C example

2023-06-07-syscalls-1

2022-10-28-token-theft-2

APT techniques: Token theft via UpdateProcThreadAttribute. C++ implementation

AV evasion part 5. C++ implementation

2022-03-22-malware-av-evasion-5

Malware dev tricks - part 33. Syscalls part 2. Simple C++ PoC example

2023-06-09-syscalls-2

2023-06-04-malware-tricks-31

Malware dev trick part 31. Simple C++ PoC

2022-10-21-malware-pers-16

Malawre development persistence: part 16. C++ implementation

Malware development persistence part 4. Simple C++ example

2022-05-09-malware-pers-4

Malware AV evasion trick: payload encoding via Z85 algorithm. C++ implementation

2022-07-29-malware-av-evasion-8

2022-08-26-malware-pers-9

Malware persistence via change default file association. C++ malware example

Malware persistent trick. Winlogon registry keys. C++ implementation

2022-06-12-malware-pers-7

Code injection via NtOpenProcess and NtAllocateVirtualMemory

2021-12-11-malware-injection-11

Malware persistence via Port Monitors. C++ implementation

2022-06-19-malware-pers-8

Malware AV/VM evasion: anti-debugging. NtGlobalFlag. C++ implementation

2022-09-15-malware-av-evasion-10

Malware dev tricks: part 30. Find pid NtGetNextProcess. Simple C++ implementation

2023-05-26-malware-tricks-30

Source code of my post about reverse shells

2021-09-11-reverse-shells

2022-11-16-malware-pers-19

Malware persistence part 19. Simple C++ implementation

Malware development: persistence - part 13. C++ implementation example

2022-10-04-malware-pers-13

Malware AV/VM evasion part 15: GetModuleHandle: simple implementation

2023-04-08-malware-av-evasion-15

AV/VM evasion techniques part 6. C++ implementation

2022-04-09-malware-av-evasion-6

Basic API hooking via push/retn method. Simple C++ example

2022-03-08-basic-hooking-2

Malware development tricks part 25. Simple C++ implementation

2022-12-21-malware-tricks-25

Malware analysis part 6. Shannon entropy

2022-11-05-malware-analysis-6

Simple payload injection logic via FindWindow. Classic process injection impl C++

2022-03-14-malware-injection-17

Malware dev: persistence - part 5. AppInitDLLs. C++ implementation

2022-05-16-malware-pers-5

Malware dev tricks: part 29. Fileless storage - Registry. C++ implementation

2023-05-22-malware-tricks-29

Windows access token manipulation. C++ implementation example

2022-09-25-token-theft-1

Classic DLL injection via SetWindowsHookEx. Simple C++ example

2021-11-24-malware-injection-7

Malware persistence part 6. Via Netsh helper DLL. C++ implementation

2022-05-29-malware-pers-6

Find kernel32.dll base address via ASM

2021-10-30-windows-shellcoding-2

Malware persistence part 18. Simple C++ implementation

2022-11-02-malware-pers-18

Malware dev tricks: part 28. C++ example (PoC)

2023-05-11-malware-tricks-28

Malware dev - persistence part 14. C++ implementation example

2022-10-09-malware-pers-14

APC code injection technique example. C++

2021-11-11-malware-injection-3

Linux shellcoding tutorial with examples

2021-10-09-linux-shellcoding-1

Malware dev tricks: part 24. ListPlanting. C++ implementation example

2022-11-27-malware-tricks-24

DLL injection to another process via undocumented NtCreateThreadEx

2021-12-06-malware-injection-9

Malware analysis part 4. Simple python script to upload file to VirusTotal and get info about result of analysis

2022-02-23-malware-analysis-4

simple C++ windows reverse shell with AES encryption (command) example

2021-09-15-rev-c-1

Malware persistence via CLSID extension handling. C++ implementation

2023-01-20-malware-pers-21

Malware AV evasion - part 14. Encryption/decryption via A5/1

2023-03-24-malware-av-evasion-14

2021-12-07-malware-injection-10

Code injection via undocumented NtAllocateVirtualMemory

Process injection via hunting RWX memory. C++ malware

2022-02-01-malware-injection-16

Malware persistence part 15: IE. C++ implementation

2022-10-12-malware-pers-15

2022-09-20-malware-pers-11

Malware persistence part 11. Powershell profile. C++ implementation example

Malware AV evasion via Madryga algorithm encryption. C++ implementation

2023-03-09-malware-av-evasion-13

2021-12-21-simple-malware-av-evasion-3

AV evasion techniques - part 3. Simple C++ malware

NASM tutorial. Malware analysis part 2

2021-10-08-malware-analysis-2

Code injection via utilizing sections for malicious code execution

2021-12-13-malware-injection-12

Threat hunting with YARA. Simple malware example and YARA rule. C++

2022-02-15-malware-analysis-3

Classic 5-byte hook example. C++

2021-11-30-basic-hooking-1

Malware persistence - part 12. via Accessibility Features. C++ implementation

2022-09-30-malware-pers-12

Code injection via Windows Fibers. Simple C++ example

2021-11-26-malware-injection-8

Classic DLL injection to remote process. C++ source code

2021-09-24-injection-2

DLL hijacking with exported functions

2021-10-12-dll-hijacking-2

2021-09-24-dllhijack

Source code of DLL hijacking in windows. Proof of Concept. Simple C example

2021-09-06-av-evasion-2

AV engines evasion for C++ simple malware part 2

C++ simple injector with findMyProc function which find process by name and inject DLL to it

2021-09-29-processfind-1

Run shellcode via inline ASM. C++ example

2021-12-03-inline-asm-1

Basic memory forensics with Volatility 3. Simple example - classic process injection

2022-02-07-mem-forensics-1

Windows shellcoding part1. Simplest examples in C/C++

2021-10-26-windows-shellcoding-1

2023-04-16-malware-av-evasion-16

AV/VM evsaion part 16. C++ example

Malware AV evasion - part 12. encrypt payload with TEA. C++ implementation

2023-02-20-malware-av-evasion-12

2023-02-13-malware-av-evasion-11

Malware AV evasion part 11. DES encryption. C++ implementation.

Classic stack buffer overflow exploitation

2021-10-20-buffer-overflow-1

APC injection via Queue an APC into all the threads

2021-11-22-malware-injection-5

Persistence via UserInitMprLogonScript key value. Simple C++ implementation

2022-12-09-malware-pers-20

Malware development tricks 27. LoadLibrary implementation

2023-04-27-malware-tricks-27

Linux shellcoding part 2: Reverse TCP shell

2021-10-17-linux-shellcoding-2

Code injection via thread hijacking. C++ malware example

2021-11-23-malware-injection-6

Malware analysis - part 8: MurmurHash2. C++ implementation

2023-02-10-malware-analysis-8

APC injection via undocumented NtTestAlert

2021-11-20-injection-4

Intoduction to malware analysis. Begin x86 assembly lang crash course with examples.

2021-10-03-malware-analysis-1

Malware analysis part 7. YARA rule for CRC32 hash. Simple implementation of part of the REvil ransomware's logic

2023-01-27-malware-analysis-7

Ransomware simulation PoC for different cryptographic algorithms

meoware

nrzCTF-writeups

My own writeups for https://nrzctf.kz

Proof of Concept example for abusing Process Hacker 2 (v2.39.124)

100

hack-process-hacker2