pentestlab.blog
oldboy21.github.io
Hello, Hello, Aloooooooo. After some time away from coding I am here again talking about sleeping masks. Thanks to the great cybersec community there is always something to work on. Last time on my blog I talked about how to hide a memory mapping (where in my case a ReflectiveDLL is loaded) from memory scanners. Particularly, SLEAPING and SWAPPALA techniques are used to swap the malicious mapping with a legit Microsoft DLL at the same address, at sleeping time.
redteaming.co.uk
DLL Side-Loading or DLL Proxy loading allows an attacker to abuse a legitimate and typically signed executable for code-execution on a compromised system. MITRE has been keeping a log of this technique since 2017, and it continues to be a popular option by threat actors (For good reasons!) Proxy loading is very similar to DLL...
cocomelonc.github.io
eshard.com
We follow Andrew, a Malware Analyst, before and after implementing Time Travel Analysis as his main tool for Reverse Engineering malware.