EUVD-2003-0635

Malware in sbrugna...

NativeDump - Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!)

NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz SystemInfo, ModuleList and Memory64List Streams. NTOpenProcessToken and NtAdjustPrivilegeToken to get the "SeDebugPrivilege"...

CrimsonEDR - Simulate The Behavior Of AV/EDR For Malware Development Training

CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response EDR. By leveraging diverse detection methods, it empowers users to deepen their understanding of security evasion tactics...

BestEdrOfTheMarket - Little AV/EDR Bypassing Lab For Training And Learning Purposes

Little AV/EDR Evasion Lab for training & learning purposes. ️ under construction..​ | | | | | | \ / \ / | | | | | \ / / | | | | | | | | | | | | | | | | | | ' \ / \ | | | /\ \ | | || || | | || | | | | | | | | / |/||/| ||/|| \ /|| || || ||| | / | | | | | | |/| |/ | '| |/ / \ | | | | | | | |...

PyHook - An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call

PyHook is the python implementation of my SharpHook project, It uses various API hooks in order to give us the desired credentials. PyHook Uses frida to inject it's dependencies into the target process Supported Processes Process | API Call | Description | Progress ---|---|---|--- mstsc |...

DLLHSC - DLL Hijack SCanner A Tool To Assist With The Discovery Of Suitable Candidates For DLL Hijacking

DLL Hijack SCanner - A tool to generate leads and automate the discovery of candidates for DLL Search Order Hijacking Contents of this repository This repository hosts the Visual Studio project file for the tool DLLHSC, the project file for the API hooking functionality detour, the project file f...

RdpThief - Extracting Clear Text Passwords From Mstsc.Exe Using API Hooking

RdpThief by itself is a standalone DLL that when injected in the mstsc.exe process, will perform API hooking, extract the clear-text credentials and save them to a file. An aggressor script accompanies it, which is responsible for managing the state, monitoring for new processes and injecting the...

Detecting Adblocker Blockers

Interesting research on the prevalence of adblock blockers: "Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis": Abstract: Millions of people use adblockers to remove intrusive and malicious ads as well as protect themselves against tracking and pervasive surveillance...

Windows/x64 - API Hooking Shellcode (117 bytes)

/ Title : Windows x64 API Hooking Shellcode Author : Roziul Hasan Khan Shifat Size : 117 bytes Date : 16/10/2017 Email : email protected Tested On : Windows 7 Ultimate x64 / / This Shellcode hooks DeteleFileW API Warning: Do no Use this Shellcode on explorer.exe Otherwise You won't be able to...

Windows x64 - API Hooking Shellcode (117 bytes)

Windows x64 - API Hooking Shellcode 117 bytes. Shellcode exploit for Winx86-64 platform / Title : Windows x64 API Hooking Shellcode Author : Roziul Hasan Khan Shifat Size : 117 bytes Date : 16/10/2017 Email : [email protected] Tested On : Windows 7 Ultimate x64 / / This Shellcode hooks...

NetRipper - Smart Traffic Sniffing for Penetration Testers

NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipp...

Using Metasploit/NetRipper sniffing encrypted puTTY/Outlook account-vulnerability warning-the black bar safety net

! /Article/UploadPic/2015-8/2015819145144782.jpg This year,the 2 3 annual Defcon conference in the USA Las Vegas Grand opening,and NetRipper it is in the current Defcon General Assembly for the first time available. NetRipper is a tool for Windows operating system vulnerabilities using the tool,i...

Smart Traffic Sniffing: NetRipper

Smart Traffic Sniffing NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before...

Hook Analyser Malware Tool Released

Hook Analyser Malware Tool Released Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. The tool can hook to an API in a process and can do followin...

CVE-2003-0641

WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess function, as demonstrated using 1 a DLL injection attack, 2 ZwSetSystemInformation, and 3 API hooking in OpenProcess...

CVE-2003-0641

CVE-2003-0641 concerns WatchGuard ServerLock for Windows 2000 prior to SL 2.0.3. The issue allows local users to load arbitrary modules by abusing OpenProcess, demonstrated through three techniques: (1) DLL injection, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess. The affected co...

CVE-2003-0641

WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess function, as demonstrated using 1 a DLL injection attack, 2 ZwSetSystemInformation, and 3 API hooking in OpenProcess...