https://cocomelonc.github.io/persistence/2025/03/12/malware-pers-27.html next one in my blog. I've written a lot about various persistence methods but somehow I forgot to mention one simple technique.
Scheduled Tasks are a simple yet effective way to achieve persistence on a Windows system; APT groups like #apt17 and #apt41 have exploited this feature for attacking PCs.
#cybersecurity #hacking #research #malware #malwaredev #cybercrime #apt #programming #redteam #blueteam #purpleteam
Malware development: persistence - part 27. Scheduled Tasks. Simple C example.
Full series persistence - part 1:
registry run keys:
https://cocomelonc.github.io/tutorial/2022/04/20/malware-pers-1.html
screensaver hijacking:
https://cocomelonc.github.io/tutorial/2022/04/26/malware-pers-2.html
COM DLL hijack:
https://cocomelonc.github.io/tutorial/2022/05/02/malware-pers-3.html
windows services:
https://cocomelonc.github.io/tutorial/2022/05/09/malware-pers-4.html
AppInit DLLs:
https://cocomelonc.github.io/tutorial/2022/05/16/malware-pers-5.html
windows netsh helper DLL:
https://cocomelonc.github.io/tutorial/2022/05/29/malware-pers-6.html
winlogon:
https://cocomelonc.github.io/tutorial/2022/06/12/malware-pers-7.html
port monitors:
https://cocomelonc.github.io/tutorial/2022/06/19/malware-pers-8.html
default file extension hijacking:
https://cocomelonc.github.io/malware/2022/08/26/malware-pers-9.html
using image file execution options:
https://cocomelonc.github.io/malware/2022/09/10/malware-pers-10.html
#malware #malwaredev #research #cybercrime #persistence #apt #mitre
Malware development: persistence - part 1. Registry run keys. C++ example.
Full series persistence - part 2:
powershell profile:
https://cocomelonc.github.io/malware/2022/09/20/malware-pers-11.html
accessibility features:
https://cocomelonc.github.io/malware/2022/09/30/malware-pers-12.html
hijacking uninstall logic for application:
https://cocomelonc.github.io/malware/2022/10/04/malware-pers-13.html
event viewer help link:
https://cocomelonc.github.io/malware/2022/10/09/malware-pers-14.html
internet explorer:
https://cocomelonc.github.io/malware/2022/10/12/malware-pers-15.html
cryptography registry keys:
https://cocomelonc.github.io/malware/2022/10/21/malware-pers-16.html
windows error reporting:
https://cocomelonc.github.io/malware/2022/11/02/malware-pers-18.html
disk cleanup utility:
https://cocomelonc.github.io/persistence/2022/11/16/malware-pers-19.html
UserInitMprLogonScript:
https://cocomelonc.github.io/persistence/2022/12/09/malware-pers-20.html
#malware #malwaredev #persistence #apt #cybercrime #mitre
Malware development: persistence - part 11. Powershell profile. Simple C++ example.
Full series persistence - part 3:
Recycle Bin, My Documents COM extension handler:
https://cocomelonc.github.io/persistence/2023/01/19/malware-pers-21.html
windows setup:
https://cocomelonc.github.io/persistence/2023/07/16/malware-pers-22.html
LNK files:
https://cocomelonc.github.io/persistence/2023/12/10/malware-pers-23.html
StartupApproved:
https://cocomelonc.github.io/persistence/2024/03/12/malware-pers-24.html
create symlink from legit to evil:
https://cocomelonc.github.io/persistence/2024/07/13/malware-pers-25.html
microsoft edge:
https://cocomelonc.github.io/persistence/2024/08/14/malware-pers-26.html
scheduled tasks:
https://cocomelonc.github.io/persistence/2025/03/12/malware-pers-27.html
#malware #malwaredev #research #persistence #apt #cybercrime #mitre
Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.
This is a very short post. I just want to please my readers, colleagues and friends: the translation of the MD MZ book into Russian is finished.
For the Russian language I have some issues. The first one is with different fonts: for Russian Cyrillic and for Arabic. The second problem is with displaying comments in code blocks in Russian, so I left them in this version as in the original, in English (I generally consider writing comments in code in languages other than English to be very bad form).
You can send donations via https://paypal.me/cocomelonc/
- how are cats different from dogs?
- cats don't work for the cops and catch rats =^..^=
#cats #catstanbul #archive
https://www.amazon.com/dp/1801810176
Today I received the 2024 sales report for my book Malware Development for Ethical Hackers. Total sales including ebooks and Packt subscriptions: 1,160 copies. The book was in the top 3 of the Amazon wishlist last year, and also in the top 3 on Packt in the security and cryptography categories.
First of all, I am grateful to my family, especially my wife Laura. My readers, coworkers, and friends deserve a tremendous amount of gratitude as well.
It is my sincere desire that the information I impart will result in at least one reader becoming more knowledgeable, more proficient, and more self-assured.
#book #research #hacking #malware #apt #cybercrime
https://cocomelonc.github.io/malware/2025/04/02/malware-cryptography-40.html djuma mubarak! next one on my blog. enjoy!
In this post I want to show you how to implement custom RC5 encryption in the Nim language and execute the decrypted payload using a sneaky Windows API trick: EnumDesktopsA.
twitter: https://x.com/cocomelonckz/status/1908020857164747143
#hacking #cybersecurity #programming #cybercrime #apt #malware #threatintel #book #research #cryptography
Malware and cryptography 40 - encrypt/decrypt payload via RC5. Simple Nim example.
There are already 3 international conferences this year where I will not be able to speak, although I received approval for my talk, and all because of the stupid entry rules into the European Union and the Balkans.
https://x.com/cocomelonckz/status/1908410624343785746
#research #malware #book #conferences #hacking #cybercrime #apt
https://cocomelonc.github.io/malware/2025/04/10/malware-cryptography-41.html djuma mubarak! next one from my blog.
This post is the result of my own research on using TEA encryption in malware development, but the main difference is using the Nim language instead of C/C++.
https://github.com/cocomelonc/meow/tree/master/2025-04-10-malware-cryptography-41
#cybersecurity #malware #hacking #redteam #blueteam #purpleteam #programming #research #cybercrime #apt #nim #clang #cpp
Malware and cryptography 41 - encrypt/decrypt payload via TEA. Simple Nim example.
Alhamdulillah, if you are good at something then extend your #knowledge to everyone so that the world can shine
#cybersecurity #book #research #hacking #malware #programming #cybercrime #apt
https://github.com/cocomelonc/bsprishtina-2024-maldev-workshop/
Assalamu aleikum. Just updated the repository. Added new PoCs based on my trainings that I conduct in Bahrain at this time.
https://x.com/cocomelonckz/status/1915237225626808725
#cybersecurity #hacking #programming #research #malware #redteam #blueteam #purpleteam #apt #cybercrime #books #knowledge #packt
https://cocomelonc.github.io/malware/2025/05/01/malware-tricks-46.html djuma mubarak! next one in my blog. Simple "classic" trick, very useful for my entry level readers and students. enjoy! =^..^=
twitter: https://x.com/cocomelonckz/status/1918210338681409945
#malware #cybersecurity #hacking #redteam #blueteam #purpleteam #cybercrime #malwaredev #malwareanalysis #apt #spyware #research #programming
Malware development trick 46: simple Windows keylogger. Simple C example.
Djuma mubarak! I know that among my followers on linkedin, twitter and telegram there are French-speaking cybersecurity specialists. I found an interesting playlist and channel: it looks at examples and code from my blog in French on youtube:
https://www.youtube.com/watch?v=TQUCY6k0o_s&list=PLboyMWpGKWpBt2iUH6hIz68oqkRtCQr2C&index=86
twitter: https://x.com/cocomelonckz/status/1920871454028992906
#cybersecurity #hacking #programming #malware #research #youtube #book #cybercrime #redteam #blueteam #purpleteam
https://cocomelonc.github.io/malware/2025/05/10/malware-tricks-47.html next one in my blog. several #apt groups and #cybercriminal organizations like #APT37, #APT38, #Sandworm and malware like #ZeusPanda, #ROKRAT or #CosmicDuke have used this trick.
twitter: https://x.com/cocomelonckz/status/1922149005800182188
#cybersecurity #hacking #malware #redteam #blueteam #purpleteam #programming #research #malwaredev
Malware development trick 47: simple Windows clipboard hijacking. Simple C example.
Alhamdulillah! Our cat gave birth to kittens! =^..^=