
fengjixuchui/Malware_learns


This repo will be a dumping ground of stuff I have learnt/am learning

Trying to focus on AV evasion, payloads have been covered in SLAE

Have completed https://www.pentesteracademy.com/course?id=3
Have completed https://www.pentesteracademy.com/course?id=50
Have completed https://institute.sektor7.net/view/courses/red-team-operator-malware-development-essentials/
Have completed https://www.pentesteracademy.com/course?id=37

Will need to do x64 SLAE at some point: https://www.pentesteracademy.com/course?id=7

Time to do OSEP, after that likely CRTO, definitely advanced malware by sektor7, then cybernetics/APT prolab

To read and digest:
https://makosecblog.com/malware-dev/dll-unhooking-csharp/
https://klezvirus.github.io/RedTeaming/AV_Evasion/CodeExeNewDotNet/
https://www.mdsec.co.uk/2020/03/hiding-your-net-etw/
https://0xpat.github.io/Malware_development_part_1/
https://stackoverflow.com/questions/48969793/how-to-load-dll-dynamically-and-pass-get-value-to-it
https://stackoverflow.com/questions/9905237/older-code-cant-get-a-handle-on-a-dll
https://stackoverflow.com/questions/14479074/c-sharp-reflection-load-assembly-and-invoke-a-method-if-it-exists
https://thewover.github.io/Dynamic-Invoke/
https://posts.specterops.io/offensive-p-invoke-leveraging-the-win32-api-from-managed-code-7eef4fdef16d
https://ethicalchaos.dev/2022/04/17/in-process-patchless-amsi-bypass/
https://waawaa.github.io/es/amsi_bypass-hooking-NtCreateSection/ - To do: implement and test against EDR
https://www.ired.team/offensive-security/code-injection-process-injection/reflective-shellcode-dll-injection

Tools to study:
https://www.netero1010-securitylab.com/evasion/indirect-syscall-in-csharp?fbclid=IwAR3pMyp01GGUNVrlbLlsfIaBITrNLlej2KZmC_3LS5aefSSVADbHPrYswoU
https://github.com/klezVirus/SysWhispers3 (super important)
https://github.com/TheWover/DInvoke
https://github.com/jthuraisamy/SysWhispers2
https://github.com/paranoidninja/CarbonCopy
https://github.com/TheWover/donut
https://github.com/kyleavery/AceLdr
https://github.com/boku7/BokuLoader

Resources:
https://malapi.io/
http://pinvoke.net/default.aspx/Structures.IMAGE_DOS_HEADER - will need this for building manual maps
