ippsec - Mimikatz obfuscation for AV/HIDS evasion
https://youtu.be/9pwMCHlNma4
#redteam #av #edrbypass
https://youtu.be/9pwMCHlNma4
#redteam #av #edrbypass
YouTube
AV Evasion - Mimikatz
00:58 - Installing FireEye Commando to help keep our development environments sync'd
04:30 - Using Git to download mimikatz, openifang with Visual Studio 2017 and installing dependencies
08:50 - Verifying that we can compile mimikatz before we make any changes.…
04:30 - Using Git to download mimikatz, openifang with Visual Studio 2017 and installing dependencies
08:50 - Verifying that we can compile mimikatz before we make any changes.…
amber is a reflective PE packer for bypassing security products and mitigations. It can pack regularly compiled PE files into reflective payloads that can load and execute itself like a shellcode. It enables stealthy in-memory payload deployment that can be used to bypass anti-virus, firewall, IDS, IPS products and application white-listing mitigations. https://github.com/EgeBalci/Amber
#bypass #av #evasion
GitHub
GitHub - EgeBalci/amber: Reflective PE packer.
Reflective PE packer. Contribute to EgeBalci/amber development by creating an account on GitHub.
Intensio-Obfuscator (Beta)
Takes a python source code and transform it into an obfuscated python code, replace name of variables - classes - functions to random chars and defined length, removes comments, line breaks and add to each line a random script with an always differents values.
https://github.com/Hnfull/Intensio-Obfuscator
#evasion #obfuscation #av
Takes a python source code and transform it into an obfuscated python code, replace name of variables - classes - functions to random chars and defined length, removes comments, line breaks and add to each line a random script with an always differents values.
https://github.com/Hnfull/Intensio-Obfuscator
#evasion #obfuscation #av
GitHub
GitHub - Hnfull/Intensio-Obfuscator: Obfuscate a python code 2.x and 3.x
Obfuscate a python code 2.x and 3.x. Contribute to Hnfull/Intensio-Obfuscator development by creating an account on GitHub.
Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR
In this blog post we will explore the use of direct system calls, restore hooked API calls and ultimately combine this with a shellcode injection technique called sRDI. We will combine these techniques in proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike, while not touching disk and evading AV/EDR monitored user-mode API calls.
https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
#redteaming #evasion #av #bypass
In this blog post we will explore the use of direct system calls, restore hooked API calls and ultimately combine this with a shellcode injection technique called sRDI. We will combine these techniques in proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike, while not touching disk and evading AV/EDR monitored user-mode API calls.
https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
#redteaming #evasion #av #bypass
Outflank
Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR | Outflank
In this blog post we will explore the use of direct system calls, restore hooked API calls and ultimately combine this with a shellcode injection technique called sRDI. We will combine these techniques in proof of concept code which can be used to create…
Red Team Diary, Entry #1: Making NSA’s PeddleCheap RAT Invisible
The reason behind launching these posts is to engage the community and start a discussion around the techniques presented. This way, valuable insights and hopefully the readers’ own techniques can be shared in the “Responses” section at the bottom of each article.
https://medium.com/@d.bougioukas/red-team-diary-entry-1-making-nsas-peddlecheap-rat-invisible-f88ccbdc484d
#redteaming #av #evasion #rat
The reason behind launching these posts is to engage the community and start a discussion around the techniques presented. This way, valuable insights and hopefully the readers’ own techniques can be shared in the “Responses” section at the bottom of each article.
https://medium.com/@d.bougioukas/red-team-diary-entry-1-making-nsas-peddlecheap-rat-invisible-f88ccbdc484d
#redteaming #av #evasion #rat
Medium
Red Team Diary, Entry #1: Making NSA’s PeddleCheap RAT Invisible
A/V | EDR evasion using a RAMDisk and a custom PE loader
CarbonCopy
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
https://github.com/paranoidninja/CarbonCopy
#tools #pentesting #spoofing #av
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
https://github.com/paranoidninja/CarbonCopy
#tools #pentesting #spoofing #av
GitHub
GitHub - paranoidninja/CarbonCopy: A tool which creates a spoofed certificate of any online website and signs an Executable for…
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux - paranoidninja/CarbonCopy
Fuzzing the Windows API for AV Evasion
https://winternl.com/fuzzing-the-windows-api-for-av-evasion/
#evasion #bypass #av #windows
https://winternl.com/fuzzing-the-windows-api-for-av-evasion/
#evasion #bypass #av #windows
Oh, so you have an antivirus… name every bug
In this blog I will be disclosing about 8 0-day vulnerability and all of them are still unknow to the vendors, don’t expect those bugs to be working for more than a week or two cause probably they will release an emergency security patches to fix those bugs.
https://halove23.blogspot.com/2020/12/oh-so-you-have-antivirus-nameevery-bug.html
#windows #lpe #av #vulnerability
In this blog I will be disclosing about 8 0-day vulnerability and all of them are still unknow to the vendors, don’t expect those bugs to be working for more than a week or two cause probably they will release an emergency security patches to fix those bugs.
https://halove23.blogspot.com/2020/12/oh-so-you-have-antivirus-nameevery-bug.html
#windows #lpe #av #vulnerability