Collection of resources and articles I need to look at. Mostly regarding malware/exploit development or analysis.
- https://0xpat.github.io/
- https://github.com/m0n0ph1/Process-Hollowing
- https://github.com/NVISOsecurity/brown-bags/tree/main/DInvoke%20to%20defeat%20EDRs
- https://iwantmore.pizza/posts/PEzor.html
- https://github.com/asaurusrex/Probatorum-EDR-Userland-Hook-Checker
- https://github.com/RedLectroid/APIunhooker
- https://blog.xpnsec.com/protecting-your-malware/
- https://blog.scrt.ch/2020/07/15/engineering-antivirus-evasion-part-ii/
- https://www.ired.team/offensive-security/code-injection-process-injection
- https://i.blackhat.com/USA-19/Thursday/us-19-Kotler-Process-Injection-Techniques-Gotta-Catch-Them-All-wp.pdf
- https://github.com/vxunderground/VXUG-Papers/tree/main/Hells%20Gate
- https://greysec.net/
- https://github.com/vxunderground/VXUG-Papers/blob/main/Hells%20Gate/HellsGate.pdf
- https://github.com/trustedsec/CS-Situational-Awareness-BOF/tree/master/src/SA
- https://github.com/0xthirteen/StayKit
- https://www.youtube.com/watch?v=mZyMs2PP38w
- https://sevrosecurity.com/2020/04/08/process-injection-part-1-createremotethread/
- https://connormcgarr.github.io/thread-hijacking/
- https://github.com/connormcgarr/cThreadHijack
- https://github.com/ajpc500/BOFs/blob/main/SyscallsInject/entry.c
- https://github.com/Microwave89/createuserprocess/
- https://movaxbx.ru/2018/10/31/interesting-technique-to-inject-malicious-code-into-svchost-exe/
- https://blog.redbluepurple.io/offensive-research/bypassing-injection-detection
- https://www.netspi.com/blog/technical/adversary-simulation/srdi-shellcode-reflective-dll-injection/
- https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/
- https://modexp.wordpress.com/2020/04/08/red-teams-etw/
- https://public.cnotools.studio/bring-your-own-vulnerable-kernel-driver-byovkd/exploits/data-only-attack-neutralizing-etwti-provider
- https://www.youtube.com/watch?v=Cch8dvp836w
- https://github.com/fozavci/WeaponisingCSharp-Fundamentals
- https://github.com/med0x2e/ExecuteAssembly
- https://github.com/outflanknl/TamperETW
- https://github.com/hasherezade/process_doppelganging/blob/master/main.cpp
- https://github.com/chvancooten/OSEP-Code-Snippets/blob/main/Sections%20Shellcode%20Process%20Injector/Program.cs
- https://www.thehive-kb.xyz/rem-essentials-windows-malware-evasion-part1
- https://gist.github.com/apsun/1adb6557a44ea8372e7cc27c3ad827ad
- https://github.com/am0nsec/wspe/blob/master/AMSI/amsi_module_patch.c#L220
- https://www.ired.team/offensive-security/code-injection-process-injection/addressofentrypoint-code-injection-without-virtualallocex-rwx
- https://github.com/hasherezade/libpeconv/tree/master/run_pe
- https://www.cyberark.com/resources/threat-research-blog/masking-malicious-memory-artifacts-part-i-phantom-dll-hollowing-2
- https://www.forrest-orr.net/post/masking-malicious-memory-artifacts-part-iii-bypassing-defensive-scanners
- https://github.com/forrest-orr/phantom-dll-hollower-poc/blob/master/PhantomDllHollower/PhantomDllHollower.cpp
- https://github.com/BreakingMalwareResearch/atom-bombing/blob/master/AtomBombing/main.cpp
- https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
- https://github.com/ChoiSG/UuidShellcodeExec
- https://blog.malwarebytes.com/threat-analysis/2018/08/process-doppelganging-meets-process-hollowing_osiris/
- https://pnx9.github.io/thehive/Unpacking-Osiris.html
- https://github.com/JustasMasiulis/inline_syscall
- https://github.com/jthuraisamy/SysWhispers
- https://github.com/jthuraisamy/SysWhispers2
- https://github.com/outflanknl/InlineWhispers
- https://github.com/3lp4tr0n/BeaconHunter
- https://github.com/Flangvik/SharpCollection
- https://www.mdsec.co.uk/2021/02/farming-for-red-teams-harvesting-netntlm/
- https://www.trustedsec.com/blog/adexplorer-on-engagements/
- https://github.com/NotMedic/NetNTLMtoSilverTicket
- https://medium.com/@petergombos/lm-ntlm-net-ntlmv2-oh-my-a9b235c58ed4
- [MALWARE] hxxps://anonfiles.com/hcJ4afK8o6/C-Lowlevel-Ldr_2_zip [PW: exploit.in]