Introduction Hello, fellow Zig programming enthusiasts! In this blog post, I’ll walk you through the process of implementing of well-known and classic technique “Hell’s Gate ” —a method for making direct Windows system calls by extracting syscall numbers from ntdll.dll. Hell’s Gate is popular in malware for evading API monitoring, as it used to bypass … Read more
MITRE : CVE-2022-46637 Advisory: exploit Intro Last October, I was planning to visit the philippine to get some rest away from work and life pressure. And I would say that was a great direction to relax and enjoy the beauty of nature. It was a joyful stay, But I was struggling with the quality of … Read more
introduction and here we are in part three of this series, and in this blog post, I am going to finish the operational part of our c2c that includes a stable demo with a very straightforward execution flow. before start explaining the topic for today, there are some questions asked about why I want the … Read more
In memory of Terry Davis (August 11, 2018) an idiot admire complexity, a genius admires simplicity Terry Davis In this part, I will continue developing the team server for the operator side and designing the operator GUI interface. since the topic will contain several cod blocks, I have done the workshop videos via twitch and … Read more
Introduction Over a while, the development of c2c has increased rapidly, including the number of new commercial frameworks, which I will not mention because I am not here to advertise any, and there are awesome open-sourced projects such as sliver, Covenant, and many more. In this article, I will shed light on the uncovered offensive … Read more
Malwarebytes provides a support tool that automatically repairs and fixes software issues and broken configurations, that’s actually common for anti-malware software to assist their customers to do that. after navigation into HelpCenter inside the Malwarebytes interface, you need to download the software package which will do self-extraction and requires elevated permission to continue running. since … Read more
https://github.com/0xsp-SRD/mortar Words to say I released the Mortar loader a couple of months ago, and it was good results in defeating and diverting advanced AV(anti-virus) solutions. However, even after many vendors pushed some updates to detect the loader, it was easy to compile an undetectable version by changing some code lines.,And here I am pointing … Read more
Research Agenda Part1 – porting the backdoor for windows (READY) Part2 – porting the backdoor for Linux/Unix (IN PROGRESS) Part3 – hiding the process (IN PROGRESS) Part4 – provision of techniques (IN PROGRESS) RootKits Definitions According to Greg Hoglund, a rootkit is “a set of programs and code that allows a permanent or consistent, undetectable presence on a … Read more
Intro Despite the fact, XDR products play bulletproof against newly cyber by newly updated built-in defensive techniques and procedures, there are small holes in the development face of such products which could let intruders get used to it to gain an ability to disable or suspend or even use it as a way of persistent. … Read more
introduction DNS is one of the core services of the current Internet. It is used not only for obvious benign purposes but also for malicious use. For example, we can see its usage in botnet command and control servers (C&C), phishing sites, or download sites with malicious code. DNS exfiltration is the unauthorized transfer of … Read more
