Malware & Persistence

14 bookmarks
Hijacking DLLs in Windows
DLL Hijacking is a popular technique for executing malicious payloads. This post lists nearly 300 executables vulnerable to relative path DLL Hijacking on Windows 10 (1909), and shows how with a few lines of VBScript some of the DLL hijacks can be executed with elevated privileges, bypassing UAC.
·wietzebeukema.nl·
MOF-tastic tricks or how to use MOF and powershell together
An extension of the last post, Embedding Powershell into Office Documents, I will be demonstrating that by using Managed Object Formats (MOF) and Powershell, we can attempt a few tricks to leverag…
·khr0x40sh.wordpress.com·
WTFBins
WTF, Bin?! This project aims to catalogue benign applications that exhibit suspicious behavior. These binaries can emit noise and false positives in threat hunting and automated detections. By cataloguing them here, the hope is to allow defenders to improve their detection rules and threat hunting queries.
·wtfbins.wtf·
DLL SideLoading Teams and OneDrive
Cyble Analyzes how Threat Actors are leveraging Microsoft applications and DLL Sideloading to deliver Cobalt Strike Beacons
·blog.cyble.com·