Forwarded from Exploiting Crew (Pr1vAt3)
🦑Windows Defender Bypass 2024 with AES-Encrypted Malicious DLL.
Hello everyone,
Since a lot of you guys enjoyed the last video, I decided to create another bypass technique—this time using AES encryption for the shellcode. To make it more interesting, I incorporated the shellcode into a malicious DLL and executed it using another process.
Here’s how it works:
I created a simple file, test.exe (the process I mentioned), which loads the malicious DLL containing the encrypted shellcode. This is achieved using the LoadLibraryA() function and the GetProcAddress() function, which are essential for loading any DLL and its exported functions into a process's memory. Once loaded, the DLL decrypts and executes the shellcode.
This time the malicious DLL contained raw encrypted shellcode stored on disk. The encryption prevents detection by Windows Defender. In my previous approach, the shellcode was hosted on a server, making it a staged payload. While experimenting, I also tried XOR to obfuscate the shellcode like last time. However, it was consistently detected for some reason I still don't understand. XORing the shellcode and AES-encrypting it share a similar concept, though. I might be wrong on this one, forgive me if I am.
This method can be implemented in various ways. One approach is to inject the DLL into another process using its PID, or to use this AES method to just execute the malicious exe to run the shellcode in memory without loading the DLL. This technique has been used by APTs as a means of achieving persistence on compromised systems they target.
I used multiple resources from the internet. All the code used does not belong to me. I added custom logic (like calling the exported function) and tweaked it a little bit to make it work the way I wanted it to. I give credit to the internet. Hope you guys find this useful!
Ref: Dhanush Arvind
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
The #Samsung Music Frame: A Stylish Smart Speaker with a Bargain
https://undercodenews.com/the-samsung-music-frame-a-stylish-smart-speaker-with-a-bargain/
@Undercode_News
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Play #Ransomware Targets South Plains Implement
https://undercodenews.com/play-ransomware-targets-south-plains-implement/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🔐 #Ransomware Attack Hits Joshua Grading & Excavating
https://undercodenews.com/ransomware-attack-hits-joshua-grading-excavating/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Everest and Play #Ransomware Groups Target Healthcare and Consulting Firms
https://undercodenews.com/everest-and-play-ransomware-groups-target-healthcare-and-consulting-firms/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Ransomware Groups Target Dental Practices and Consulting Firms
https://undercodenews.com/ransomware-groups-target-dental-practices-and-consulting-firms/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Informative Israeli Tech IPOs: A Promising 2025
https://undercodenews.com/informative-israeli-tech-ipos-a-promising-2025/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
⚡️ 2nd One UI 7 Beta: A Closer Look at the Latest Features and Improvements
https://undercodenews.com/2nd-one-ui-7-beta-a-closer-look-at-the-latest-features-and-improvements/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Ransomware Group Hunters Targets Ecritel
https://undercodenews.com/ransomware-group-hunters-targets-ecritel/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🕵️ Gamaredon Leverages #Android #Spyware to Target Former Soviet States
https://undercodenews.com/gamaredon-leverages-android-spyware-to-target-former-soviet-states/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Israel's High-Tech Sector: A Beacon of Hope in Turbulent Times
https://undercodenews.com/israels-high-tech-sector-a-beacon-of-hope-in-turbulent-times/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
⚡️ OnePlus Open 2: A Promising Upgrade on the Horizon
https://undercodenews.com/oneplus-open-2-a-promising-upgrade-on-the-horizon/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
💾 How Startups Can Drive Insurance Innovation to Mitigate Climate Crises
https://undercodenews.com/how-startups-can-drive-insurance-innovation-to-mitigate-climate-crises/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#AI Video Generation Takes a Leap: #Google DeepMind Unveils Veo 2
https://undercodenews.com/ai-video-generation-takes-a-leap-google-deepmind-unveils-veo-2/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Informative #Samsung Care+ Gets Even Better: Free Screen Replacements
https://undercodenews.com/informative-samsung-care-gets-even-better-free-screen-replacements/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
A Humorous Take on Flatmate Hunting
https://undercodenews.com/a-humorous-take-on-flatmate-hunting/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
⚡️ Ignite Rises from the Ashes: A New Deep-Tech Innovation
https://undercodenews.com/ignite-rises-from-the-ashes-a-new-deep-tech-innovation/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🚨 Critical Vulnerabilities Added to CISA's Known Exploited Vulnerabilities Catalog
https://undercodenews.com/critical-vulnerabilities-added-to-cisas-known-exploited-vulnerabilities-catalog/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🛡️ Israeli Defense Tech's American Dream: The Paragon Sale
https://undercodenews.com/israeli-defense-techs-american-dream-the-paragon-sale/
@Undercode_News