Windows Shellcoding x86 – Calling Functions in Kernel32.dll – Part 2

In the previous part, we found the address of Kernel32.dll dynamically by walking through the LDR struct. In this part, we will be focusing on finding the address of the … Continue reading “Windows Shellcoding x86 – Calling Functions in Kernel32.dll – Part 2”

Malware on Steroids Part 4: Defender and Symantec Endpoint Protection Evasion

So, this blog is just going to be a rant about the comments on the twitter that I was facing for Windows Defender and Symantec Endpoint Protection Evasion. You can … Continue reading “Malware on Steroids Part 4: Defender and Symantec Endpoint Protection Evasion”

Malware on Steroids – Part 2: Evading Antivirus in a Simulated Organizational Environment

In the previous post, we wrote a simple CMD Reverse Shell over TCP. However, in a real-life scenario, things would be pretty different. In this post, we will be focusing … Continue reading “Malware on Steroids – Part 2: Evading Antivirus in a Simulated Organizational Environment”

Malware on Steroids – Part 1: Simple CMD Reverse Shell

The Prologue If you haven’t watched the videos yet, here are my links to both the antivirus evasions I performed: 1. Windows Cloud ML Defender Evasion 2. Kaspersky AV Evasion … Continue reading “Malware on Steroids – Part 1: Simple CMD Reverse Shell”

Ground Zero: Part 1-2 – Reverse Engineering Password Protected Reverse Shells – Linux x64

Prologue Its been a long time since I posted any of my blogs. What can I say, I was a bit busy with some of the office projects. But finally … Continue reading “Ground Zero: Part 1-2 – Reverse Engineering Password Protected Reverse Shells – Linux x64”

Ground Zero: Part 2-3 – Reverse Engineering – Building Cracked Binaries – Windows x64

Prologue In the previous post, we saw how to extract cleartext and encrypted passwords by reverse engineering the binaries which stored the passwords in memory or within the binary itself. … Continue reading “Ground Zero: Part 2-3 – Reverse Engineering – Building Cracked Binaries – Windows x64”