CrimsonEDR - Simulate The Behavior Of AV/EDR For Malware Development Training

CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response EDR. By leveraging diverse detection methods, it empowers users to deepen their understanding of security evasion tactics...

China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations

A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security...

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library DLL hijacking and application programming interface API unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON...

AtomLdr - A DLL Loader With Advanced Evasive Features

A DLL Loader With Advanced Evasive Features Features: CRT library independent. The final DLL file, can run the payload by loading the DLL executing its entry point, or by executing the exported "Atom" function via the command line. DLL unhooking from \KnwonDlls\ directory, with no RWX sections. T...

TerraLdr - A Payload Loader Designed With Advanced Evasion Features

TerraLdr: A Payload Loader Designed With Advanced Evasion Features Details: no crt functions imported syscall unhooking using KnownDllUnhook api hashing using Rotr32 hashing algo payload encryption using rc4 - payload is saved in .rsrc process injection - targetting 'SettingSyncHost.exe' ppid...

EDRSandblast - Tool That Weaponize A Vulnerable Signed Driver To Bypass EDR Detections And LSASS Protections

EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections Kernel callbacks and ETW TI provider and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring. As of release, combination of userland...

NimPackt-v1 - Nim-based Assembly Packer And Shellcode Loader For Opsec And Profit

ByCas van Cooten @chvancooten With special thanks to Marcello Salvati @byt3bl33der and Fabian Mosch @S3cur3Th1sSh1t Description Update: NimPackt-v1 is among the worst code I have ever written I was just starting out learning Nim. Because of this, I started on a full rewrite of NimPackt, dubbed...

UnhookMe - An Universal Windows API Resolver And Unhooker Addressing Problem Of Invoking Unmonitored System Calls From Within Of Your Red Teams Malware

In the era of intrusive AVs and EDRs that introduce hot-patches to the running processes for their enhanced optics requirements, modern adversaries must have a robust tool to slide through these watchguards. The propsed implementation of dynamic imports resolver that would be capable of unhooking...

openSUSE Security Update : XEN (openSUSE-SU-2012:1572-1)

This security update of XEN fixes various bugs and security issues. - Upstream patch 26088-xend-xml-filesize-check.patch - bnc787163 - CVE-2012-4544: xen: Domain builder Out-of- memory due to malicious kernel/ramdisk XSA 25 CVE-2012-4544-xsa25.patch - bnc779212 - CVE-2012-4411: XEN / qemu: guest...