|
You are here |
theevilbit.github.io | ||
| | | | |
mdanilor.github.io
|
|
| | | | | A beginers guide into a Windows kernel stack overflow vulnerability from zero to advanced bypasses. | |
| | | | |
modexp.wordpress.com
|
|
| | | | | Introduction Quick post about Windows System calls that I forgot about working on after the release of Dumpert by Cn33liz last year, which is described in this post. Typically, EDR and AV set hooks on Win32 API or NT wrapper functions to detect and mitigate against malicious activity. Dumpert attempts to bypass any user-level hooks... | |
| | | | |
www.malwaretech.com
|
|
| | | | | Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations. | |
| | | | |
macrosec.tech
|
|
| | | The first thing we need to do is to identify which dll is crucial for discord to run because that is the dll we will use to perform dll hijacking. In order to find out, we need to open the file location of discord and we see: To identify the COM Keys of Chrome that we can use for COM Hijacking, we use the tool Process Monitor to identify all the processes running when Chrome runs, we also discover the COM servers that are missing CLSID's and the ones which don't require elevated privileges. We use the following filters: | ||