Bypass Windows Defender with FilelessPELoader
Offensive security professional 'TheD1rkMtr' released a C++ tool, titled 'FilelessPELoader' on his Github repository earlier this year in 2023.

The publicly available tool was able to bypass the latest Windows Defender and successfully load and execute Mimikatz on a Windows system. The proof of concept along with the source code of the tool can be found in the author's Github repository over here.

As publicly available tools that claim to bypass Windows Defender are usually rapidly signatured and prevented by the AV/EDR vendors, an attempt was conducted to verify if the C++ 'FilelessPELoader' tool is still functional, and if it is still possible to bypass the latest Windows Defender on an updated Windows system.

This video posted by the Gemini Security channel on Youtube provides a step-by-step walkthrough on how to compile the C++ tool FilelessPELoader and the usage of it, demonstrating that it is STILL possible to bypass Windows Defender, loading and executing the Mimikatz.exe binary. The video also provides a demonstration on using the FilelessPELoader tool to load and execute a Meterpreter reverse shell, successfully establishing a functional reverse shell back to a Kali OS.

If you're up against Windows Defender and require a bypass, this might be the solution for you.
🗣cybermepls


🎖@malwr

You suspect there should be a cross-reference in the listing, but IDA isn’t showing it? See how to find it 🌐 https://hex-rays.com/blog/igors-tip-of-the-week-132-finding-hidden-cross-references/?utm_source=Social-Media-Post&utm_medium=Twitter&utm_campaign=Igor-Tip-132

#IgorsTipOfTheWeek #IDAtips #IDAPro
🗣HexRaysSA


🎖@malwr

Reverse Engineering a Windows 95 Game - Part II: Reversing (Undocumented) Settings : https://sidneys1.com/reverse-engineering/2023/03/16/reverse-engineering-a-win95-game-II.html

Part 1 : https://sidneys1.com/reverse-engineering/2023/02/23/reverse-engineering-a-win95-game-I.html
🗣binitamshah


🎖@malwr

We’ve just published a short #IDAPro tutorial about the #Disassembly window. Watch it now 🌐 https://youtu.be/cgELfAUg8C4

#IDAProTutorials #IDAPro #hexrays #LearningIDA
🗣HexRaysSA


🎖@malwr

Android Attack: Reversing React Native Applications
https://securityqueens.co.uk/android-attack-reversing-react-native-applications/
🗣pentest_swissky


🎖@malwr

Python and Malware: Writing a simple wiper malware - Malware - 0x00sec - The Home of the Hacker https://0x00sec.org/t/python-and-malware-writing-a-simple-wiper-malware/31652
🗣akaclandestine


🎖@malwr

Happy to announce the release of my JADX dynamic scripting plugin, JADXecute. Now you write and share scripts to automate your Android APK analysis! #ReverseEngineering

https://github.com/LaurieWired/JADXecute
🗣lauriewired


🎖@malwr

Here's a short blog on using Frida to write and bypass detections for your TTPs. We can use good ol' userland hooking + JavaScript bindings to avoid writing complex kernel code, which lets us quickly develop test cases and improve our techniques.

https://passthehashbrowns.github.io/using-frida-for-rapid-detection-testing
🗣passthehashbrwn


🎖@malwr

travisgoodspeed/gbrom-tutorial: Tutorial for extracting the GameBoy ROM from photographs of the die.
🗣tnavda

Fascinating read, thanks for sharing.
👤cea1990

I don't know if I'll ever personally need this info but it was a great read nonetheless!
👤Browsing_From_Work


🎖@malwr