Here, we’ll demonstrate how to detect both direct and indirect syscalls by discussing detection rules using Elastic, YARA, and dedicated code. We’ll cover several approaches, including Static Analy...

In this chapter we will cover another approach that helps against memory detection called module stomping, we will talk about IOCs, and how to improve the technique.

In this post, we will cover topics such as memory detection evasion. We will discuss how memory scanners work and APC-based sleeping obfuscation.

In this chapter, we will explore a theoretical explanation of the Reflective DLL Injection process, developed by Stephen Fewer. We will propose insights into the involved techniques.

Now that we have the address of the module loaded into memory, we need to navigate its PE structure and locate the exported function. For this, we'll use LdrFuncAddr, which behaves similarly to Get...

In this topic, I will provide a brief description of the four subsequent projects. I will start by explaining the shellcode in C, eventually demonstrating how to perform some of the implementations...

This journal based on DLL Sideloading is essentially a cleaner approach to DLL Hijacking. If you've ever tried DLL Hijacking, you've probably encountered the error "The procedure entry point <expor...

In the previous chapter, RDI was presented and with improvements, now the Reflective DLL Injection (sRDI) shellcode will be presented. With RDI it is necessary to write the reflexive function expor...

In this guide, we will explore how to develop a Stager & Local Injector, using Fibers for payload execution. To fetch the payload from a web server, we will make use of the WinHttp library. Before ...

This time we'll develop a reverse shell using cmd.exe + socks. Here, we'll make extensive use of the functionalities seen in the previous modules of this Shellcoding chapter.