0xpat.github.io/Malware_develo… on developing shellcode loader

Well this is awkward 😂 Nice logo tho.

In case you missed it: Im writing a multi part blog on RedELK, Outflank’s open sourced tooling that acts as a red team SIEM and helps with overall improved oversight during red team operations: outflank.nl/blog/2019/02/1… outflank.nl/blog/2020/02/2… outflank.nl/blog/2020/04/0…

Wanted to demonstrate AdjustTokenPrivileges() -> SomePrivilegedCall() sequence, and failed with SetSystemTime(). And now I know: SetSystemTime() tries to adjusts privileges on it's own, not even checking the result, and then calls NtSetSystemTime() syscall. Interesting...

Detecting APT29: MITRE EDR evaluations round 2 - Jorrit Folmer - Medium -> not everyone is a winner! medium.com/@jorritfolmer/…

0xpat.github.io/Malware_develo… On detecting VMs, evading sandboxes, bypassing function hooks

Did you know that LinkedIn has a directory? linkedin.com/directory/peop…

Eliminate huge part of lateral movement scenarios with one command: "reg.exe add HKLM\SYSTEM\CurrentControlSet\Control /v DisableRemoteScmEndpoints /t REG_DWORD /d 1" It will make Service Control Manager deaf to remote management. Everything else works properly.

0xpat.github.io/Malware_develo… detecting debuggers and other tricks to make dynamic analysis of malware harder

0xpat.github.io/Malware_develo… Check out compilation tips, PE overwiew, hiding imports, API hashing and calculating entropy

0xpat.github.io/Malware_develo… Some advanced obfuscation techniques for C code

0xpat.github.io/Malware_develo… Implementing COFF loader/injector (aka beacon object file)

Would you like to learn more about Applied #PurpleTeaming? Come and join us, Patryk Czeczko and lǝʍɐd tomorrow at 1500 UTC. Learn more: x33fcon.com/#!w/purple.md Free registration: x33fcon.com/#!webinarregis…

x33fcon.com/#!s/malware.md This year during /ˈziːf-kɒn/ we will code some covert shellcode loader in C++ lǝʍɐd #redteam #purpleteam #malware #workshop

I'm giving 2 talks at LayerOne Security Conference together with lǝʍɐd this weekend: layerone.org/schedule/ #purpleteam #malware