-
Is it possible to inject the Rootkit with C# natively or in some other way, without using PowerShell?
I say this because the injection with PowerShell is detected by many AVs. :://
-
Hi, first of all, great work. The idea of using direct calls and encrypted shellcode along with process hollowing and PPID spoofing is really cool. However, I am facing a few issues. I compiled a fresh c…
-
Hello,
I was doing some research on Windows events and ETW and was able to come up with a pretty cool UAC bypass that I want to share. It abuses ETW events and the Program Compatibility Assistant (vi…
-
Have you thought about the admin panel, for example taking AsyncRAT as the source?
P.S. And yes, you have good stealth. To bypass it, it is not enough to rename the program itself.
-
**Describe the bug**
**To Reproduce**
just load the nightly
**Desktop (please complete the following information):**
- OS:Linux
first capture --> the last working nightly (Merge br…
-
Sysmon v12 added event ID 24 which is a ClipboardChanged event. The Winlogbeat Sysmon module should be updated to handle this event ID.
When the clipboard changes the contents are archived to file …
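As an added illustration of what such a module would have to do (example code written for this note, not part of Winlogbeat or Sysmon), the following parses a constructed Sysmon Event ID 24 record and maps it onto ECS-style fields. The EventData field names (RuleName, UtcTime, ProcessGuid, ProcessId, Image, Session, ClientInfo, Hashes, Archived, User) and the output key names are assumptions here; check them against the schema dump from your own Sysmon build before relying on them.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Sysmon Event ID 24 (ClipboardChange) record, not a real capture.
# The EventData field names follow the Sysmon v12 schema as assumed here; verify them
# against the schema printed by `sysmon -s` on your own host.
SAMPLE_EVENT_24 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385f-c22a-43e0-bf4c-06f5698ffbd9}"/>
    <EventID>24</EventID>
    <Channel>Microsoft-Windows-Sysmon/Operational</Channel>
    <Computer>host01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="RuleName">-</Data>
    <Data Name="UtcTime">2020-09-20 10:15:02.123</Data>
    <Data Name="ProcessGuid">{00000000-0000-0000-0000-000000000000}</Data>
    <Data Name="ProcessId">4120</Data>
    <Data Name="Image">C:\\Windows\\System32\\notepad.exe</Data>
    <Data Name="Session">1</Data>
    <Data Name="ClientInfo">user: EXAMPLE\\alice hostname: host01</Data>
    <Data Name="Hashes">SHA256=%s</Data>
    <Data Name="Archived">true</Data>
    <Data Name="User">EXAMPLE\\alice</Data>
  </EventData>
</Event>""" % ("a" * 64)  # placeholder hash, clearly not a real digest

EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def parse_sysmon_event(xml_text):
    """Return (event_id, {Data Name -> text}) for a Windows event XML record."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find("e:System/e:EventID", EVT_NS).text)
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", EVT_NS)}
    return event_id, data


def clipboard_event_to_ecs(xml_text):
    """Map a Sysmon Event ID 24 record onto ECS-style keys (key names are assumptions)."""
    event_id, d = parse_sysmon_event(xml_text)
    if event_id != 24:
        raise ValueError("not a Sysmon ClipboardChange event: id %d" % event_id)
    domain, _, user = d.get("User", "").partition("\\")
    # Hashes arrives as "ALG=hex,ALG=hex"; keep only the algorithms present.
    hashes = dict(h.split("=", 1) for h in d.get("Hashes", "").split(",") if "=" in h)
    return {
        "event.code": "24",
        "event.action": "Clipboard changed",  # assumed action label
        "process.pid": int(d["ProcessId"]),
        "process.entity_id": d.get("ProcessGuid"),
        "process.executable": d.get("Image"),
        "process.name": d.get("Image", "").rsplit("\\", 1)[-1],
        "user.domain": domain,
        "user.name": user,
        "winlog.session_id": d.get("Session"),
        "sysmon.client_info": d.get("ClientInfo"),
        # Archived=true means the clipboard text was written to the Sysmon archive directory.
        "sysmon.archived": d.get("Archived", "false").lower() == "true",
        "file.hash.sha256": hashes.get("SHA256"),
    }


if __name__ == "__main__":
    for key, value in clipboard_event_to_ecs(SAMPLE_EVENT_24).items():
        print("%s: %s" % (key, value))
```

The `Archived` flag is the field a detection engineer cares about most: when it is true, the archived clipboard file (named after the hash in `Hashes`) can be pulled from the Sysmon archive directory during an investigation, so the hash is worth keeping as a first-class field rather than leaving it inside the raw string.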
-
While expanding the capa rule set, I noticed that there is currently no micro-behavior for resuming a thread. Therefore, I suggest to add this micro-behavior to MBC. Malware typically resumes a thread…
-
The problem is in the header, but I have one question: how can I hide registry keys, which APIs need to be hooked for this, and is this possible in ring 3? Will you add this in the future?
P.S. Good work…
-
Hello,
The logic searches for several key processes in the process_path attribute and then searches the process_parent_command_line. **Within this second filter it is incorrectly using an OR stat…
-
## Abstract
CAPMC is going to be replaced with the Power Control Service (PCS). PCS will be a RESTful microservice (CAPMC is not very RESTful); PCS will have a smaller, better aligned portfolio of …