scorpiosoftware.net

openpunk.com
Recently I faced a rather intimidating problem while working on a project. The problem was fairly simple from an objective point of view: "How do I load a DLL into a process on startup?" Now you might be wondering, "Why not just patch the IAT (import address table) on the executable and force it to load your payload DLL?" Yes! Those were my exact thoughts too; however, for reasons I'll explain, it wasn't that simple.

pentestlab.blog
DLL Proxy Loading is a technique in which an arbitrary DLL exports the same functions as the legitimate DLL and forwards the calls to the legitimate DLL in an attempt to not disrupt the execution flow so the binary is executed as normal. The technique falls under the category of DLL Hijacking and it is typically...

modexp.wordpress.com
Introduction: Quick post about Windows System calls that I forgot about working on after the release of Dumpert by Cn33liz last year, which is described in this post. Typically, EDR and AV set hooks on Win32 API or NT wrapper functions to detect and mitigate against malicious activity. Dumpert attempts to bypass any user-level hooks...

oldboy21.github.io
Hello, Hello, Aloooooooo. After some time away from coding I am here again talking about sleeping masks. Thanks to the great cybersec community there is always something to work on. Last time in my blog I talked about how to hide a memory mapping (where in my case a ReflectiveDLL is loaded) from memory scanners. Particularly, SLEAPING and SWAPPALA techniques are used to swap the malicious mapping with a legit Microsoft DLL at the same address, at sleeping time.