OSEP%20Notes%20Basic%20by%20Joas[1][.]pdf

Sharing

Copy URL Twitter E-mail

General

Target

OSEP%20Notes%20Basic%20by%20Joas[1].pdf
Size

13.8MB
MD5

3b2d55b407277761a25c3e765faa5473
SHA1

3f0ef65cf2564fcb8ff43171ebe7c8c15990fa56
SHA256

08ab9e942cd2eb7a1f4756b1971e9a8ba8a7c705c3fe046aaba76952fc0f91db
SHA512

93e9ae6a5ab1e0d9529200735aef98ae27aaa417f567989a2f8423ee5eacaafe9067841a8a92157714aee1ffedd044f2a3acf1c538a060102f4f57dec3398b60
SSDEEP

393216:jGZczEVMoyQfO1xsmxOqGFHntWMgiiCo5yKMlHVi:eqEV4xTsmxsHtWMg7CKf

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
sample	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

OSEP%20Notes%20Basic%20by%20Joas[1].pdf
.pdf
- https://en.wikipedia.org/wiki/Complex_instruction_set_computer
- https://en.wikipedia.org/wiki/Instruction_set_architecture
- https://en.wikipedia.org/wiki/X86#cite_note-2
- https://en.wikipedia.org/wiki/Intel
- https://en.wikipedia.org/wiki/Intel_8086
- https://en.wikipedia.org/wiki/Microprocessor
- https://en.wikipedia.org/wiki/Intel_8088
- https://en.wikipedia.org/wiki/16-bit_computing
- https://en.wikipedia.org/wiki/8-bit_computing
- https://en.wikipedia.org/wiki/Intel_8080
- https://en.wikipedia.org/wiki/X86_memory_segmentation
- https://en.wikipedia.org/wiki/Intel_80186
- https://en.wikipedia.org/wiki/Intel_80286
- https://en.wikipedia.org/wiki/Intel_80386
- https://en.wikipedia.org/wiki/Intel_80486
- https://en.wikipedia.org/wiki/IBM_PC_compatible
- https://en.wikipedia.org/wiki/Computer_hardware
- https://en.wikipedia.org/wiki/Embedded_system
- https://en.wikipedia.org/wiki/Influence_of_the_IBM_PC_on_the_personal_computer_market#Before_the_IBM_PC's_introduction
- https://en.wikipedia.org/wiki/X86#cite_note-3
- https://en.wikipedia.org/wiki/IBM_PC
- https://en.wikipedia.org/wiki/Desktop_computer
- https://en.wikipedia.org/wiki/Laptop
- https://en.wikipedia.org/wiki/Game_console
- https://en.wikipedia.org/wiki/Nintendo_Switch
- https://en.wikipedia.org/wiki/X86#cite_note-switch-4
- https://en.wikipedia.org/wiki/Wikipedia:Citation_needed
- https://en.wikipedia.org/wiki/Smartphone
- https://en.wikipedia.org/wiki/Tablet_computer
- https://en.wikipedia.org/wiki/ARM_architecture
- https://en.wikipedia.org/wiki/Workstation
- https://en.wikipedia.org/wiki/Cloud_computing
- https://en.wikipedia.org/wiki/X86#cite_note-5
- https://en.wikipedia.org/wiki/TOP500
- https://en.wikipedia.org/wiki/X86#cite_note-top500-6
- https://en.wikipedia.org/wiki/8088
- https://en.wikipedia.org/wiki/80286
- https://en.wikipedia.org/wiki/32-bit_computing
- https://en.wikipedia.org/wiki/Instruction_set
- https://en.wikipedia.org/wiki/Intel_iAPX_432
- https://en.wikipedia.org/wiki/X86#cite_note-7
- https://en.wikipedia.org/wiki/Coprocessor
- https://en.wikipedia.org/wiki/8087
- https://en.wikipedia.org/wiki/8089
- https://en.wikipedia.org/wiki/X86#cite_note-8
- https://en.wikipedia.org/wiki/X86#cite_note-9
- https://en.wikipedia.org/wiki/X86#cite_note-10
- https://en.wikipedia.org/wiki/X86#cite_note-i286-11
- https://en.wikipedia.org/wiki/X86#cite_note-i86-12
- https://en.wikipedia.org/wiki/X86#cite_note-13
- https://en.wikipedia.org/wiki/Embedded_systems
- https://en.wikipedia.org/wiki/Zilog_Z80
- https://en.wikipedia.org/wiki/X86#cite_note-14
- https://en.wikipedia.org/wiki/Midrange_computer
- https://en.wikipedia.org/wiki/Supercomputer
- https://en.wikipedia.org/wiki/Computer_cluster
- https://en.wikipedia.org/wiki/Software
- https://en.wikipedia.org/wiki/Category:X86_operating_systems
- https://en.wikipedia.org/wiki/Low-power_electronics
- https://en.wikipedia.org/wiki/Home_appliance
- https://en.wikipedia.org/wiki/X86#cite_note-15
- https://en.wikipedia.org/wiki/VIA_C7
- https://en.wikipedia.org/wiki/VIA_Nano
- https://en.wikipedia.org/wiki/Advanced_Micro_Devices
- https://en.wikipedia.org/wiki/Geode_(processor)
- https://en.wikipedia.org/wiki/Athlon_Neo
- https://en.wikipedia.org/wiki/Intel_Atom
- https://en.wikipedia.org/wiki/64-bit_computing
- https://en.wikipedia.org/wiki/IAPX_432
- https://en.wikipedia.org/wiki/X86#cite_note-16
- https://en.wikipedia.org/wiki/Intel_960
- https://en.wikipedia.org/wiki/Intel_860
- https://en.wikipedia.org/wiki/Itanium
- https://en.wikipedia.org/wiki/Microarchitecture
- https://en.wikipedia.org/wiki/Electronic_circuit
- https://en.wikipedia.org/wiki/Semiconductor_manufacturing
- https://en.wikipedia.org/wiki/X86#cite_note-17
- https://en.wikipedia.org/wiki/X86
- https://en.wikipedia.org/wiki/Common_Language_Infrastructure
- https://en.wikipedia.org/wiki/Virtual_Execution_System
- https://en.wikipedia.org/wiki/Virtual_machine
- https://en.wikipedia.org/wiki/.NET
- https://en.wikipedia.org/wiki/CoreFX
- https://en.wikipedia.org/wiki/.NET_Framework
- https://en.wikipedia.org/wiki/Common_Language_Runtime
- https://en.wikipedia.org/wiki/Mono_(software)
- https://en.wikipedia.org/wiki/Microsoft
- https://en.wikipedia.org/wiki/Source_code
- https://en.wikipedia.org/wiki/List_of_CLI_languages
- https://en.wikipedia.org/wiki/C_Sharp_(programming_language)
- https://en.wikipedia.org/wiki/J_Sharp
- https://en.wikipedia.org/wiki/Visual_Basic_.NET
- https://en.wikipedia.org/wiki/Wikipedia:Avoid_weasel_words
- https://en.wikipedia.org/wiki/C%2B%2B
- https://en.wikipedia.org/wiki/Managed_Extensions_for_C%2B%2B
- https://en.wikipedia.org/wiki/C%2B%2B/CLI
- https://en.wikipedia.org/wiki/Bjarne_Stroustrup
- https://en.wikipedia.org/wiki/Microsoft_Visual_C%2B%2B
- https://en.wikipedia.org/wiki/Managed_code#cite_note-Gregory-2
- https://en.wikipedia.org/wiki/UCSD_Pascal
- https://en.wikipedia.org/wiki/P-code_machine
- https://en.wikipedia.org/wiki/Inferno_(operating_system)
- https://en.wikipedia.org/wiki/Bell_Labs
- https://en.wikipedia.org/wiki/Dis_virtual_machine
- https://en.wikipedia.org/wiki/Java_(programming_language)
- https://en.wikipedia.org/wiki/Java_bytecode
- https://en.wikipedia.org/wiki/Java_virtual_machine
- https://en.wikipedia.org/wiki/Managed_code
- https://en.wikipedia.org/wiki/High-level_programming_language
- https://en.wikipedia.org/wiki/Class-based_programming
- https://en.wikipedia.org/wiki/Object-oriented_programming
- https://en.wikipedia.org/wiki/Programming_language
- https://en.wikipedia.org/wiki/Dependency_(computer_science)
- https://en.wikipedia.org/wiki/General-purpose_language
- https://en.wikipedia.org/wiki/Programmer
- https://en.wikipedia.org/wiki/Write_once,_run_anywhere
- https://en.wikipedia.org/wiki/Java_(programming_language)#cite_note-17
- https://en.wikipedia.org/wiki/Compiler
- https://en.wikipedia.org/wiki/Java_(programming_language)#cite_note-design_goals-18
- https://en.wikipedia.org/wiki/Computer_architecture
- https://en.wikipedia.org/wiki/Syntax_(programming_languages)
- https://en.wikipedia.org/wiki/C_(programming_language)
- https://en.wikipedia.org/wiki/Low-level_programming_language
- https://en.wikipedia.org/wiki/Reflective_programming
- https://en.wikipedia.org/wiki/Measuring_programming_language_popularity
- https://en.wikipedia.org/wiki/GitHub
- https://en.wikipedia.org/wiki/Java_(programming_language)#cite_note-:0-19
- https://en.wikipedia.org/wiki/Java_(programming_language)#cite_note-20
- https://en.wikipedia.org/wiki/Client%E2%80%93server_model
- https://en.wikipedia.org/wiki/Web_application
- https://en.wikipedia.org/wiki/Java_(programming_language)#cite_note-21
- https://en.wikipedia.org/wiki/James_Gosling
- https://en.wikipedia.org/wiki/Sun_Microsystems
- https://en.wikipedia.org/wiki/Java_(software_platform)
- https://en.wikipedia.org/wiki/Reference_implementation
- https://en.wikipedia.org/wiki/Library_(computing)
- https://en.wikipedia.org/wiki/Proprietary_license
- https://en.wikipedia.org/wiki/Java_Community_Process
- https://en.wikipedia.org/wiki/Software_relicensing
- https://en.wikipedia.org/wiki/GNU_General_Public_License
- https://en.wikipedia.org/wiki/Oracle_Corporation
- https://en.wikipedia.org/wiki/HotSpot_(virtual_machine)
- https://en.wikipedia.org/wiki/OpenJDK
- https://en.wikipedia.org/wiki/Java_version_history
- https://en.wikipedia.org/wiki/Long-term_support
- https://en.wikipedia.org/wiki/Legacy_system
- https://en.wikipedia.org/wiki/Java_8
- https://en.wikipedia.org/wiki/OpenJDK#OpenJDK_builds
- https://en.wikipedia.org/wiki/Java_(programming_language)#cite_note-22
- https://en.wikipedia.org/wiki/Help:IPA/English
- https://en.wikipedia.org/wiki/Help:Pronunciation_respelling_key
- https://en.wikipedia.org/wiki/C_Sharp_(programming_language)#cite_note-17
- https://en.wikipedia.org/wiki/Multi-paradigm_programming_language
- https://en.wikipedia.org/wiki/Strong_typing
- https://en.wikipedia.org/wiki/Lexically_scoped
- https://en.wikipedia.org/wiki/Imperative_programming
- https://en.wikipedia.org/wiki/Declarative_programming
- https://en.wikipedia.org/wiki/Functional_programming
- https://en.wikipedia.org/wiki/Generic_programming
- https://en.wikipedia.org/wiki/Class_(computer_science)
- https://en.wikipedia.org/wiki/Component-based_software_engineering
- https://en.wikipedia.org/wiki/C_Sharp_(programming_language)#cite_note-ECMA-334-18
- https://en.wikipedia.org/wiki/Anders_Hejlsberg
- https://en.wikipedia.org/wiki/International_standard
- https://en.wikipedia.org/wiki/Ecma_International
- https://en.wikipedia.org/wiki/International_Organization_for_Standardization
- https://en.wikipedia.org/wiki/Visual_Studio
- https://en.wikipedia.org/wiki/Proprietary_software
- https://en.wikipedia.org/wiki/Free_and_open-source
- https://en.wikipedia.org/wiki/Cross-platform
- https://en.wikipedia.org/wiki/Runtime_environment
- https://en.wikipedia.org/wiki/Visual_Studio_Code
- https://en.wikipedia.org/wiki/Roslyn_(compiler)
- https://en.wikipedia.org/wiki/Strong_type
- https://en.wikipedia.org/wiki/Bounds_checking
- https://en.wikipedia.org/wiki/Uninitialized_variable
- https://en.wikipedia.org/wiki/Garbage_collection_(computer_science)
- https://en.wikipedia.org/wiki/Software_components
- https://en.wikipedia.org/wiki/Deployment_environment
- https://en.wikipedia.org/wiki/Software_portability
- https://en.wikipedia.org/wiki/Internationalization_and_localization
- https://en.wikipedia.org/wiki/Operating_system
- https://en.wikipedia.org/wiki/Processing_power
- https://en.wikipedia.org/wiki/C_Sharp_(programming_language)#cite_note-21
- https://en.wikipedia.org/wiki/Computer_programming
- https://en.wikipedia.org/wiki/Assembly_language#cite_note-IBM_2014_ASM-1
- https://en.wikipedia.org/wiki/Machine_code
- https://en.wikipedia.org/wiki/Assembly_language#cite_note-Saxon_1962-2
- https://en.wikipedia.org/wiki/Statement_(computer_science)
- https://en.wikipedia.org/wiki/Comment_(computer_programming)
- https://en.wikipedia.org/wiki/Directive_(programming)
- https://en.wikipedia.org/wiki/Assembly_language#cite_note-Kornelis_2010-3
- https://en.wikipedia.org/wiki/Label_(programming)
- https://en.wikipedia.org/wiki/Memory_location
- https://en.wikipedia.org/wiki/Processor_register
- https://en.wikipedia.org/wiki/Macro_instruction
- https://en.wikipedia.org/wiki/Assembly_language#cite_note-IBM_2014_Macro-4
- https://en.wikipedia.org/wiki/Utility_software
- https://en.wikipedia.org/wiki/Assembly_language#Assembler
- https://en.wikipedia.org/wiki/Maurice_Vincent_Wilkes
- https://en.wikipedia.org/wiki/David_John_Wheeler
- https://en.wikipedia.org/wiki/Stanley_J._Gill
- https://en.wikipedia.org/wiki/The_Preparation_of_Programs_for_an_Electronic_Digital_Computer
- https://en.wikipedia.org/wiki/Assembly_language#cite_note-Wilkes_1951-5
- https://en.wikipedia.org/wiki/Assembly_language#cite_note-Fairhead_2017-6
- https://en.wikipedia.org/wiki/Assembly_language#cite_note-Ohio_2016-7
- https://en.wikipedia.org/wiki/Assembly_language#cite_note-Archer_2016-8
- https://en.wikipedia.org/wiki/Assembly_language#cite_note-9
- https://en.wikipedia.org/wiki/Assembly_language#cite_note-OS360_2011-10
- https://en.wikipedia.org/wiki/Assembly_language#cite_note-11
- https://en.wikipedia.org/wiki/Computer_processor
- https://en.wikipedia.org/wiki/System_call
- https://en.wikipedia.org/wiki/Porting
- https://en.wikipedia.org/wiki/Interpreter_(computing)
- https://en.wikipedia.org/wiki/Systems_programming
- https://en.wikipedia.org/wiki/Application_programming
- https://en.wikipedia.org/wiki/No_Silver_Bullet
- https://en.wikipedia.org/wiki/Fred_Brooks
- https://en.wikipedia.org/wiki/Assembly_language#cite_note-Brooks_1986_NSB-12
- https://en.wikipedia.org/wiki/Linux
- https://en.wikipedia.org/wiki/Kernel_(operating_system)
- https://en.wikipedia.org/wiki/C_programming_language
- https://en.wikipedia.org/wiki/Computing
- https://en.wikipedia.org/wiki/Opcode#cite_note-Barron_1978_Opcode-1
- https://en.wikipedia.org/wiki/Opcode#cite_note-Chiba_2007-2
- https://en.wikipedia.org/wiki/Opcode#cite_note-Intel_1973_MCS-4-3
- https://en.wikipedia.org/wiki/Opcode#cite_note-Intel_1974_MCS-40-4
- https://en.wikipedia.org/wiki/Opcode#cite_note-Jones_1988_CISC-5
- https://en.wikipedia.org/wiki/Opcode#cite_note-Domaga%C5%82a_2012-6
- https://en.wikipedia.org/wiki/Opcode#cite_note-Smotherman_2013-7
- https://en.wikipedia.org/wiki/Opcode#cite_note-Jones_2016_CISC-8
- https://en.wikipedia.org/wiki/Opcode#cite_note-Schulman_2005-9
- https://en.wikipedia.org/wiki/Instruction_(computer_science)
- https://en.wikipedia.org/wiki/Operand
- https://en.wikipedia.org/wiki/CPU
- https://en.wikipedia.org/wiki/Virtual_machine#Process_virtual
- https://en.wikipedia.org/wiki/Byte_code
- https://en.wikipedia.org/wiki/Central_processing_unit
- https://en.wikipedia.org/wiki/Opcode#cite_note-Hennessy_2017-10
- https://en.wikipedia.org/wiki/Opcode_table
- https://en.wikipedia.org/wiki/Opcode#cite_note-Mansfield_1983-11
- https://en.wikipedia.org/w/index.php?title=Opcode_prefix&action=edit&redlink=1
- https://en.wikipedia.org/wiki/Call_stack
- https://en.wikipedia.org/wiki/Memory
- https://en.wikipedia.org/wiki/I/O
- https://en.wikipedia.org/wiki/Memory-mapped_I/O
- https://en.wikipedia.org/wiki/Addressing_mode
- https://en.wikipedia.org/wiki/Arithmetic
- https://en.wikipedia.org/wiki/Logical_operation
- https://en.wikipedia.org/wiki/CPUID
- https://en.wikipedia.org/wiki/Assembly_language
- https://en.wikipedia.org/wiki/Assembly_language#Opcode_mnemonics_and_extended_mnemonics
- https://en.wikipedia.org/wiki/Opcode#cite_note-langpop-12
- https://en.wikipedia.org/wiki/Opcode#cite_note-Swanson_2001-13
- https://portswigger.net/daily-swig/html-smuggling-fresh-attack-technique-increasingly-being-used-to-target-banking-sector#:~:text=HTML%20smuggling%20attacks%20enable%20a,is%20deployed%20on%20their%20device
- https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/
- https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
- https://blog.malwarebytes.com/threat-analysis/2020/12/advanced-cyber-attack-hits-private-and-public-sector-via-supply-chain-software-update/
- https://www.bleepingcomputer.com/news/security/microsoft-warns-of-surge-in-html-smuggling-phishing-attacks/
- https://blog.malwarebytes.com/explained/2021/11/evasive-maneuvers-html-smuggling-explained/
- https://github.com/SofianeHamlaoui/Pentest-Notes/blob/master/.gitbook/assets/screenshot-from-2018-10-09-12-43-33.png
- https://outflank.nl/blog/2018/08/14/html-smuggling-explained/
- https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/smuggling-hta-files-in-internet-exploreredge/
- https://github.com/SofianeHamlaoui/Pentest-Notes/blob/master/offensive-security/defense-evasion/file-smuggling-with-html-and-javascript.md
- https://github.com/surajpkhetani/AutoSmuggle
- https://ppn.snovvcrash.rocks/pentest/se/phishing/html-smuggling
- https://bksecurity.org/initial-access-with-xss-and-html-smuggling-theory/
- https://github.com/SofianeHamlaoui/Pentest-Notes/blob/master/.gitbook/assets/file-smuggling-rev-shell.gif
- https://phishing.org/what-is-phishing
- https://www.phishing.org/phishing-techniques
- https://threatpost.com/office-365-phishing-attack-leverages-real-time-active-directory-validation/159188/
- https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
- https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/
- https://www.nixu.com/blog/demonstration-illicit-consent-grant-attack-azure-ad-office-365
- https://twitter.com/SantasaloJoosua
- https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code
- https://login.microsoftonline.com/common/oauth2/devicecode?api-version=1.0
- https://graph.windows.net/
- https://microsoft.com/devicelogin
- https://login.microsoftonline.com/Common/oauth2/token?api-version=1.0
- https://login.microsoftonline.com/error?code=70016
- https://outlook.office365.com/
- https://login.microsoftonline.com/Common/oauth2/token
- https://o365blog.com/aadinternals/#invoke-aadintphishing
- https://o365blog.com/aadinternals
- https://o365blog.com/post/cloudshell/
- https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
- https://docs.microsoft.com/en-us/powershell/module/azuread/revoke-azureaduserallrefreshtoken?view=azureadps-2.0
- http://login.microsoftonline.com/
- https://gist.github.com/Mr-Un1k0d3r/afef5a80cb72dfeaa78d14465fb0d333
- https://twitter.com/MrUn1k0d3r
- http://microsoft.com/
- https://o365blog.com/post/phishing/
- https://github.com/mdsecactivebreach/o365-attack-toolkit/blob/master/images/Architecture.png
- https://github.com/AlteredSecurity/365-Stealer
- https://www.contextis.com/blog/category/vulnerabilities-and-exploits
- https://docs.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/virtual-address-spaces
- https://docs.microsoft.com/en-us/windows/desktop/memory/data-execution-prevention
- https://docs.microsoft.com/en-us/windows/desktop/memory/memory-protection-constants
- https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools
- https://docs.microsoft.com/en-us/cpp/assembler/inline/inline-assembler?view=vs-2019
- https://twitter.com/mrun1k0d3r?lang=en
- https://github.com/Mr-Un1k0d3r/Shellcoding
- https://twitter.com/subTee
- https://gist.github.com/caseysmithrc/0b40f1ec0340edd5efe54f1111bba325
- https://blog.ensilo.com/atombombing-brand-new-code-injection-for-windows
- https://resources.infosecinstitute.com/return-oriented-programming-rop-attacks/
- https://en.wikipedia.org/wiki/Return-oriented_programming
- https://www.contextis.com/en/blog/a-beginners-guide-to-windows-shellcode-execution-techniques
- https://github.com/odzhan/shellcode/blob/master/os/win/x86/inmem/29A-6.010
- https://github.com/TheWover/donut
- https://github.com/odzhan/shellcode/tree/master/os/win/x86/inmem
- https://modexp.wordpress.com/2019/06/24/inmem-exec-dll/
- https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualallocex
- https://docs.microsoft.com/en-us/windows/win32/devnotes/rtlmovememory
- https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createthread
- https://san3ncrypt3d.com/2021/08/13/VBAShell/www.pinvoke.net
- http://adamringenberg.com/powershell2/Add-Type/
- https://www.youtube.com/watch?v=nO6SoCNVQXI&ab_channel=San3ncrypt3d
- https://san3ncrypt3d.com/2021/08/13/VBAShell/
- https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
- https://en.wikipedia.org/wiki/User_Account_Control
- https://null-byte.wonderhowto.com/how-to/create-obfuscate-virus-inside-microsoft-word-document-0167780/
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms648774(v=vs.85).aspx
- https://null-byte.wonderhowto.com/how-to/use-pupy-linux-remote-access-tool-0180320/
- https://img.wonderhowto.com/img/original/72/51/63643338566033/0/636433385660337251.jpg
- https://img.wonderhowto.com/img/original/74/94/63643231716699/0/636432317166997494.jpg
- https://null-byte.wonderhowto.com/how-to/place-virus-word-document-for-mac-os-x-0170169/
- https://img.wonderhowto.com/img/original/55/53/63643231812293/0/636432318122935553.jpg
- https://img.wonderhowto.com/img/original/33/38/63643229028891/0/636432290288913338.jpg
- https://img.wonderhowto.com/img/original/74/63/63643229162698/0/636432291626987463.jpg
- https://img.wonderhowto.com/img/original/82/53/63643229420985/0/636432294209858253.jpg
- https://img.wonderhowto.com/img/original/02/80/63643229590005/0/636432295900050280.jpg
- http://akk.li/pics/anne.jpg
- https://null-byte.wonderhowto.com/how-to/bypass-antivirus-using-powershell-and-metasploit-kali-tutorial-0167601/
- https://img.wonderhowto.com/img/original/24/13/63643229673652/0/636432296736522413.jpg
- https://img.wonderhowto.com/img/original/28/88/63643229966083/0/636432299660832888.jpg
- https://img.wonderhowto.com/img/original/46/16/63643230158322/0/636432301583224616.jpg
- https://null-byte.wonderhowto.com/how-to/execute-code-microsoft-word-document-without-security-warnings-0180495/
- https://0xhop.github.io/evasion/2021/04/19/evasion-pt1/
- https://twitter.com/mattifestation/status/735261176745988096?lang=en
- https://amsi.fail/
- https://docs.microsoft.com/en-us/powershell/scripting/developer/hosting/adding-and-invoking-commands?view=powershell-7.1
- https://raikia.com/tool-powershell-encoder/
- https://antiscan.me/scan/new/result?id=0PLTyYg8ovg0
- https://0xhop.github.io/evasion/2021/05/26/evasion-pt2/
- https://themayor.notion.site/53512dc072c241589fc45c577ccea2ee?v=7b908e7e76a9416f98f40d9d3843d3cb
- http://www.exploit-monday.com/2011/10/exploiting-powershells-features-not.html
- https://www.trustedsec.com/blog/native-powershell-x86-shellcode-injection-on-64-bit-platforms/
- https://msdn.microsoft.com/en-us/library/windows/desktop/bb525382(v=vs.85).aspx
- http://www.joeware.net/freetools/tools/netsess/index.htm
- https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerView
- http://www.pinvoke.net/
- http://blogs.technet.com/b/heyscriptingguy/archive/2013/06/25/use-powershell-to-interact-with-the-windows-api-part-1.aspx
- http://blogs.technet.com/b/heyscriptingguy/archive/2013/06/26/use-powershell-to-interact-with-windows-apis-part-2.aspx
- http://blogs.technet.com/b/heyscriptingguy/archive/2013/06/27/use-powershell-to-interact-with-the-windows-api-part-3.aspx
- http://www.exploit-monday.com/2012/05/accessing-native-windows-api-in.html
- http://www.exploit-monday.com/2012/07/structs-and-enums-using-reflection.html
- https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Invoke-CreateProcess.ps1
- https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Invoke-NetSessionEnum.ps1
- http://www.pinvoke.net/default.aspx/user32/MessageBox.html
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms645505(v=vs.85).aspx
- https://www.fuzzysecurity.com/tutorials/24.html
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms687393(v=vs.85).aspx
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms686331(v=vs.85).aspx
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms684873(v=vs.85).aspx
- https://msdn.microsoft.com/en-us/library/windows/desktop/aa379560(v=vs.85).aspx
- https://github.com/PowerShellMafia/PowerSploit
- https://www.netskope.com/pt/blog/netskope-threat-coverage-emotet
- https://malpedia.caad.fkie.fraunhofer.de/details/win.icedid
- https://www.netskope.com/pt/blog/cloud-threats-memo-dridex-phishing-posing-as-covid-19-relief
- https://www.netskope.com/pt/blog/bazarloader-using-lolbins-through-office-documents-to-deliver-payloads
- https://www.netskope.com/pt/blog/you-can-run-but-you-cant-hide-detecting-malicious-office-documents
- https://support.microsoft.com/en-us/topic/description-of-behaviors-of-autoexec-and-autoopen-macros-in-word-fb8f519e-9577-5cfd-ee25-c7fd6d653a29
- https://lolbas-project.github.io/lolbas/Binaries/Certutil/
- https://www.netskope.com/pt/blog/netskope-threat-coverage-revil
- https://attack.mitre.org/techniques/T1547/001/
- https://github.com/cobbr/Covenant
- https://www.microsoft.com/security/blog/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/
- https://www.netskope.com/pt/blog/malicious-office-documents-multiple-ways-to-deliver-payloads
- https://blog.securityevaluators.com/creating-av-resistant-malware-part-3-fdacdf071a5f
- https://gchq.github.io/CyberChef/
- https://www.aldeid.com/wiki/Shellcode2exe
- https://onlinedisassembler.com/odaweb/
- https://docs.microsoft.com/en-us/windows/win32/api/
- https://github.com/hlldz/SpookFlare
- https://github.com/gen0cide/gscript
- https://www.youtube.com/watch?v=8yjMlMf8NpQ
- https://github.com/ahhh/gscripts
- https://github.com/ahhh/gscripts/blob/master/attack/multi/dropper/merlin_example.gs
- https://github.com/ahhh/presentations/blob/master/DEFCON26%20GSCRIPT%20Workshop.pdf
- https://khast3x.club/posts/2020-02-14-Intro-Modern-Routing-Traefik-Metasploit-Docker/
- https://docs.docker.com/engine/install/ubuntu/
- https://www.youtube.com/watch?v=cfHSIrVh_wY
- https://ired.team/offensive-security/defense-evasion
- https://github.com/gen0cide/gscript/tree/master/docs/stdlib
- https://gist.github.com/khast3x/4ecb659508d310b535e857fe67c0f2eb
- https://github.com/gen0cide/gscript/blob/master/docs/tutorials/08_0_compiling.md
- https://khast3x.club/assets/C2/gscriptmsf_final.png
- https://khast3x.club/posts/2020-02-14-Intro-Modern-Routing-Traefik-Metasploit-Docker
- https://attack.mitre.org/techniques/T1117/
- https://attack.mitre.org/techniques/T1127/
- https://attack.mitre.org/techniques/T1170/
- https://en.wikipedia.org/wiki/Active_Scripting
- https://modexp.wordpress.com/2019/07/21/inmem-exec-script/
- https://attack.mitre.org/techniques/T1220/
- http://subt0x11.blogspot.com/2018/04/wmicexe-whitelisting-bypass-hacking.html
- https://twitter.com/TheRealWover/status/1137382984418516992
- https://blog.kowalczyk.info/articles/pefileformat.html
- https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_optional_header32
- https://twitter.com/byt3bl33d3r
- https://github.com/TheWover/donut/blob/master/docs/2019-08-21-Python_Extension.md
- https://thewover.github.io/Bear-Claw/
- http://www.drdobbs.com/a-dynacall-function-for-win32/184416502
- http://www.drdobbs.com/windows/an-automation-object-for-dynamic-dll-cal/210200078
- https://twitter.com/blair_strang
- https://web.archive.org/web/20110921221342/http:/dev.metasploit.com/redmine/issues/3894
- http://dynwrapx.script-coding.com/dwx/pages/dynwrapx.php?lang=en
- https://web.archive.org/web/20160913080156/http:/subt0x10.blogspot.com/2016/09/shellcode-via-jscript-vbscript.html
- https://twitter.com/subtee
- https://www.microsoft.com/security/blog/2019/07/01/delivering-major-enhancements-in-windows-defender-application-control-with-the-windows-10-may-2019-update/
- https://www.virusbulletin.com/conference/vb2007/abstracts/last-minute-presentation-novel-code-obfuscation-com/
- https://docs.microsoft.com/en-us/scripting/winscript/reference/iactivescript
- https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms526064(v=vs.90)
- http://web.archive.org/web/20060320163550/http:/www.mindspring.com/~mark_baker/toc.htm
- https://docs.microsoft.com/en-us/windows/win32/com/the-component-categories-manager
- https://gist.github.com/odzhan/5a96d6ebe16dd69c4813f99411b46d0a
- https://www.activestate.com/
- https://www.codeproject.com/Articles/14905/COM-in-plain-C-Part-6
- https://gist.github.com/odzhan/d18145b9538a3653be2f9a580b53b063
- https://github.com/odzhan/shellcode/blob/master/os/win/x86/inmem/ax.asm
- https://geidav.wordpress.com/tag/stack-probing/
- https://docs.microsoft.com/en-us/cpp/build/reference/gs-control-stack-checking-calls?view=vs-2019
- https://docs.microsoft.com/en-us/previous-versions/at5ydy31%28v%3dvs.85%29
- https://docs.microsoft.com/en-us/previous-versions/fw0fx1aw%28v%3dvs.85%29
- https://docs.microsoft.com/en-us/previous-versions/6t81adfd%28v%3dvs.85%29
- https://github.com/bitsadmin/revbshell
- https://github.com/TheWover/donut/blob/dev/payload/activescript.c
- https://docs.microsoft.com/en-us/scripting/winscript/reference/iactivescript-addnameditem
- https://www.benf.org/other/olewoo/index.html
- https://docs.microsoft.com/en-us/scripting/winscript/reference/iactivescriptsite-getiteminfo
- https://github.com/TheWover/donut/blob/dev/payload/wscript.c
- https://gist.github.com/odzhan/3ed55e3a9cbcdc3e2fa84073fc1adf4c
- https://gist.github.com/TheWover/3cdf0c33e7c1f40d0bac8c97d7523bcb
- https://twitter.com/therealwover
- https://kobyk.wordpress.com/2007/09/13/a-lightweight-approach-for-exposing-c-objects-to-a-hosted-active-scripting-engine/
- https://docs.microsoft.com/en-us/windows/win32/api/oleauto/nf-oleauto-createdisptypeinfo
- https://docs.microsoft.com/en-us/windows/win32/api/oleauto/nf-oleauto-createstddispatch
- https://0x1.gitlab.io/exploitation-tools/Donut/
- https://www.cynet.com/wp-content/uploads/2021/04/ATTCK-ID-Chart.png
- https://www.cynet.com/wp-content/uploads/2021/04/DLL-Injection-e1619603776690.png
- https://www.cynet.com/wp-content/uploads/2021/04/Reflective-DLL-Flow_V1-3.png
- https://www.cynet.com/wp-content/uploads/2021/04/Reflective-Loader-Fn-Flow_V1-1.png
- https://www.cynet.com/wp-content/uploads/2021/04/Thread-Execution-Hijacking_V1-1.png
- http://www.rohitab.com/apimonitor
- https://www.cynet.com/wp-content/uploads/2021/04/PE-Injection_V1-3.png
- https://www.cynet.com/wp-content/uploads/2021/04/Suspicious-API.png
- https://www.cynet.com/wp-content/uploads/2021/04/API-Output.png
- https://www.cynet.com/wp-content/uploads/2021/04/API-Injection-Selected.png
- https://www.cynet.com/wp-content/uploads/2021/04/CreateRemoteThread.png
- https://www.cynet.com/wp-content/uploads/2021/04/WriteProcessMemory.png
- https://www.cynet.com/wp-content/uploads/2021/04/WriteProcessMemory-Sections.png
- https://www.cynet.com/wp-content/uploads/2021/04/WriteProcessMemory-MSDN.png
- https://www.cynet.com/wp-content/uploads/2021/04/Injected-Code.png
- https://www.cynet.com/wp-content/uploads/2021/04/Injected-Shellcode.png
- https://www.cynet.com/attack-techniques-hands-on/process-injection-techniques/
- https://www.cynet.com/wp-content/uploads/2021/04/Listener.png
- https://www.cynet.com/wp-content/uploads/2021/04/Cynet-Alert.png
- https://www.cynet.com/wp-content/uploads/2021/04/Cynet-UI.png
- https://www.howtogeek.com/363845/what-is-code-injection-on-windows/amp/
- https://stackoverflow.com/questions/869320/how-do-i-prevent-dll-injection#comment82169858_869615
- https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview
- https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-overview
- https://medium.com/@benoit.sevens/arbitrary-code-guard-cd74c30f8dfe
- https://medium.com/csg-govtech/process-injection-techniques-used-by-malware-1a34c078612c
- https://redcanary.com/threat-detection-report/techniques/process-injection/
- https://codingvision.net/c-inject-a-dll-into-a-process-w-createremotethread
- https://github.com/ihack4falafel/DLL-Injection
- https://pentestlab.blog/2017/04/04/dll-injection/
- http://securityxploded.com/remote-dll-injector.php
- https://clymb3r.wordpress.com/2013/04/06/reflective-dll-injection-with-powershell/
- http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html
- https://disman.tl/2015/01/30/an-improved-reflective-dll-injection-technique.html
- https://github.com/stephenfewer/ReflectiveDLLInjection
- https://www.nettitude.co.uk/dll-injection-part-two/
- https://pentestlab.blog/tag/dll-injection/page/2/
- https://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/
- https://github.com/nettitude/SimplePELoader/
- https://www.mdsec.co.uk/2017/07/powershell-dns-delivery-with-powerdns/
- https://twitter.com/buffaloverflow
- https://www.mdsec.co.uk/wp-content/uploads/2018/03/sharpshooterstageld.png
- https://twitter.com/arvanaghi
- https://github.com/arvanaghi/CheckPlease
- https://www.mdsec.co.uk/wp-content/uploads/2018/03/rich.png
- https://github.com/nccgroup/demiguise
- https://twitter.com/Arno0x0x
- https://github.com/Arno0x/EmbedInHTML
- http://www.foo.bar/shellcode.payload
- https://www.mdsec.co.uk/wp-content/uploads/2018/03/ssexec.png
- https://www.mdsec.co.uk/wp-content/uploads/2018/03/mcafee.png
- https://www.mdsec.co.uk/wp-content/uploads/2018/03/procmon.png
- https://www.mdsec.co.uk/2018/03/payload-generation-using-sharpshooter/
- https://www.mdsec.co.uk/wp-content/uploads/2018/03/cmdline.png
- https://www.mdsec.co.uk/wp-content/uploads/2018/03/dns.png
- https://medium.com/csg-govtech/process-injection-techniques-used-by-malware-1a34c078612c#:~:text=Process%20injection%20is%20a%20camouflage%20technique%20used%20by,except%20for%20the%20malicious%20content%20in%20the%20former.
- https://www.autosectools.com/Process-Hollowing.pdf
- https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa
- https://docs.microsoft.com/en-us/windows/win32/memory/memory-protection-constants
- https://code.google.com/archive/p/process-hollowing/downloads
- https://github.com/reevesrs24/EvasiveProcessHollowing
- https://github.com/3xpl01tc0d3r/ProcessInjection
- https://www.hackingarticles.in/process-hollowing-mitret1055-012
- https://gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75
- https://gist.github.com/affix/994d7b806a6eaa605533f46e5c27fa5e
- https://github.com/Kara-4search/ProcessHollowing_CSharp
- https://github.com/sbridgens/ProcessHollowing
- https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/
- https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/
- https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/
- https://www.trustedsec.com/blog/discovering-the-anti-virus-signature-and-bypassing-it/
- https://powersploit.readthedocs.io/en/latest/AntivirusBypass/Find-AVSignature/
- https://github.com/hegusung/AVSignSeek
- https://securityonline.info/avsignseek-determine-where-the-av-signature-is-located-in-a-binary-payload/
- https://github.com/rapid7/metasploit-framework/blob/7718992ea4b01ccd7d92588fc365061cfe832467/lib/msf/util/exe.rb#L1653
- https://github.com/rapid7/metasploit-framework/blob/7718992ea4b01ccd7d92588fc365061cfe832467/lib/msf/util/exe.rb#L1825-L1842
- https://github.com/rapid7/metasploit-framework/blob/7718992ea4b01ccd7d92588fc365061cfe832467/lib/msf/util/exe.rb#L1816
- https://hatching.io/blog/metasploit-payloads/#:~:text=Metasploit%20has%20encoders%20which%20you,key%20is%20chosen%20at%20random
- https://www.errorsfind.com/how-to-use-encoder-modules-in-metasploit/04/15/
- https://www.infosecmatter.com/metasploit-module-library/?mm=encoder/x86/add_sub
- https://www.youtube.com/watch?v=T-6uW5eCKF4
- https://www.offensive-security.com/wp-content/uploads/2015/05/msfvenom_c_2.png
- https://thedarksource.com/msfvenom-cheat-sheet-create-metasploit-payloads#payloads-with-encryptions
- https://www.youtube.com/watch?v=b46ZfOcUVGo
- https://www.youtube.com/watch?v=bF5s2xrWDpg&feature=emb_logo
- https://www.ired.team/offensive-security/defense-evasion/av-bypass-with-metasploit-templates
- https://sushant747.gitbooks.io/total-oscp-guide/content/bypassing_antivirus.html
- https://www.christophertruncer.com/bypass-antivirus-with-meterpreter-as-the-payload-hyperion-fun/
- https://www.youtube.com/watch?v=ffWzbFLvHQw
- https://madcityhacker.com/2019/02/24/bypassing-av-with-veil-basic-configuration/
- https://www.youtube.com/watch?v=NjMyyO-Lx50
- https://www.youtube.com/watch?v=W5MQJ7OWRPg
- https://arty-hlr.com/blog/2021/05/06/how-to-bypass-defender/
- https://damonmohammadbagher.github.io/Posts/ebookBypassingAVsByCsharpProgramming/index.htm
- https://medium.com/@carlosprincipal1/how-to-bypass-antivirus-av-2020-easy-method-69749892928b
- https://gist.github.com/iknowjason/08d452e059ec43fa4efdb59ddb0da3e7
- https://www.cybereason.com/blog/valak-more-than-meets-the-eye
- https://labs.inquest.net/dfi/sha256/bf27a7b725ef434d21f6f7aa8af4fbd2398b352eb9b1d74c46a1e4595f7ce39b
- https://infosecwriteups.com/fun-with-creating-a-vbs-payload-to-bypass-endpoint-security-and-other-layers-44afd724de1b
- https://docs.microsoft.com/fr-fr/windows/win32/api/oleauto/nf-oleauto-dispcallfunc?redirectedfrom=MSDN
- http://exceldevelopmentplatform.blogspot.com/2017/05/dispcallfunc-opens-new-door-to-com.html
- https://github.com/rmdavy/VBAFunctionPointers/blob/main/FunctionPointers.bas
- https://docs.microsoft.com/fr-fr/office/vba/language/reference/user-interface-help/data-type-summary
- https://blog.sevagas.com/Launch-shellcodes-and-bypass-Antivirus-using-MacroPack-Pro-VBA-payloads
- https://www.youtube.com/watch?v=Zl7zWa8au28
- https://github.com/S3cur3Th1sSh1t/OffensiveVBA
- https://www.offensive-security.com/metasploit-unleashed/vbscript-infection-methods/
- https://www.certego.net/en/news/advanced-vba-macros/
- https://home.kpmg/nl/en/home/insights/2022/05/injecting-a-cobalt-strike-beacon-from-an-office-macro-under-windows-defender.html
- https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell
- https://twitter.com/Lee_Holmes/status/1189215159765667842
- https://twitter.com/ShitSecure
- https://twitter.com/mattifestation
- https://twitter.com/_RastaMouse
- https://github.com/rasta-mouse/AmsiScanBufferBypass
- https://github.com/RythmStick/AMSITrigger
- https://fatrodzianko.com/2020/08/25/getting-rastamouses-amsiscanbufferbypass-to-work-again/
- https://www.contextis.com/us/blog/amsi-bypass
- https://twitter.com/am0nsec
- https://docs.microsoft.com/en-us/windows/win32/api/amsi/ne-amsi-amsi_result
- https://twitter.com/_xpn_
- https://www.mdsec.co.uk/2018/06/exploring-powershell-amsi-and-logging-evasion/
- https://twitter.com/Flangvik
- https://sensepost.com/blog/2020/resurrecting-an-old-amsi-bypass/
- https://gist.github.com/FatRodzianko/c8a76537b5a87b850c7d158728717998
- https://gist.github.com/am0nsec/986db36000d82b39c73218facc557628
- https://gist.github.com/am0nsec/854a6662f9df165789c8ed2b556e9597
- https://github.com/med0x2e/NoAmci
- https://github.com/tomcarver16/AmsiHook
- https://attack.mitre.org/techniques/T1059/001/
- https://attack.mitre.org/techniques/T1106/
- https://attack.mitre.org/techniques/T1055/001/
- https://attack.mitre.org/techniques/T1027/
- https://attack.mitre.org/techniques/T1562/001/
- https://attack.mitre.org/techniques/T1574/001/
- https://attack.mitre.org/techniques/T1132/001/
- https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
- https://www.hackingarticles.in/a-detailed-guide-on-amsi-bypass/
- https://s3cur3th1ssh1t.github.io/Bypass_AMSI_by_manual_modification/
- https://www.redteam.cafe/red-team/powershell/using-reflection-for-amsi-bypass
- https://fluidattacks.com/blog/amsi-bypass/
- https://thalpius.com/2021/10/14/microsoft-windows-antimalware-scan-interface-bypasses/
- https://blog.ironmansoftware.com/protect-amsi-bypass/
- https://cheatsheet.haax.fr/windows-systems/privilege-escalation/amsi_and_evasion/
- https://unsafe.sh/go-108829.html
- https://infosecwriteups.com/bypass-amsi-in-powershell-a-nice-case-study-f3c0c7bed24d
- https://fluidattacks.com/solutions/red-teaming
- http://amsi.fail/
- https://twitter.com/_rastamouse
- https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights
- https://fluidattacks.com/blog/amsi-bypass-python/amsibypass.py
- https://fluidattacks.com/blog/amsi-bypass-python/
- https://docs.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal
- https://docs.microsoft.com/en-us/windows/desktop/api/amsi/nf-amsi-amsiinitialize
- https://docs.microsoft.com/en-us/windows/desktop/api/amsi/nf-amsi-amsiopensession
- https://docs.microsoft.com/en-us/windows/desktop/api/amsi/nf-amsi-amsiscanbuffer
- https://docs.microsoft.com/en-us/windows/desktop/api/amsi/nf-amsi-amsiclosesession
- https://docs.microsoft.com/en-us/windows/desktop/api/amsi/nf-amsi-amsiuninitialize
- https://processhacker.sourceforge.io/
- https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-getprocaddress
- https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualprotect
- https://hex-rays.com/ida-free/
- https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/705fb797-2175-4a90-b5a3-3918024b10b8
- https://defuse.ca/online-x86-assembler.htm#disassembly
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-15-at-23.06.13.png
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-16-at-01.18.05.png
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-16-at-18.51.35.png
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-16-at-17.01.46.png
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-16-at-17.41.51.png
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-15-at-17.19.13.png
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-15-at-15.21.18.png
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-15-at-15.23.19.png
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-16-at-17.44.07.png
- https://blogs.msdn.microsoft.com/powershell/2015/06/09/powershell-the-blue-team/
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-15-at-23.55.00.png
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-15-at-23.49.18.png
- https://www.twitter.com/cobbr_io
- https://github.com/EmpireProject/Empire/pull/603
- https://github.com/EmpireProject/Empire/blob/master/lib/listeners/http.py#L296
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-18-at-00.16.01.png
- http://pstask.commandstart/
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-15-at-19.42.55.png
- https://www.mdsec.co.uk/wp-content/uploads/2018/06/Screen-Shot-2018-06-17-at-22.38.01.png
- https://portswigger.net/daily-swig/html-smuggling-fresh-attack-technique-increasingly-being-used-to-target-banking-sector#:~:text=HTML%20smuggling%20attacks%20enable%20a,is%20deployed%20on%20their%20device.
- http://window.navigator.ms
- http://a.style
- http://a.download
- http://a.click
- http://phishing.org
- http://microsoft.com/devicelogin
- https://graph.windows.net
- http://something.com
- http://target.org
- https://outlook.office365.com
- http://company.com
- http://somewhere.com
- http://login.microsoftonline.com
- http://microsoft.com
- http://Phishing.org
- https://docs.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/virtual-address-spaces.
- https://docs.microsoft.com/en-us/windows/desktop/memory/memory-protection-constants.
- https://github.com/Mr-Un1k0d3r/Shellcoding.
- http://ds.inc
- http://AmsiBypass.ps
- http://Shell.ps
- http://shell.ps
- http://amsi.fail
- http://AntiScan.me
- http://www.exploit-monday.com/2011/10/exploiting-powershells-features-not.html.
- https://www.trustedsec.com
- http://unicorn.py
- http://Invoke-CreateProcess.ps
- http://Invoke-NetSessionEnum.ps
- http://artofpwn.com
- http://spookflare.com
- https://github.com/gen0cide/gscript.git
- http://double_delivery.gs
- http://ax.inc
- http://EXH004.contoso.com
- http://S4BLYNC.contoso.com
- http://SharpShooter.py
- http://bar.foo
- http://foo.bar
- http://example.com
- https://raw.githubusercontent.com/api0cradle/LOLBAS/master/OSBinaries/Payload/Regsvr32_calc.sct
- http://revtcp86shik.pl
- http://XnQUJbgAv.run
- https://hatching.io/blog/metasploit-payloads/#:~:text=Metasploit%20has%20encoders%20which%20you,key%20is%20chosen%20at%20random.
- http://2.in
- http://www.virustotal.com
- http://1.you
- http://4xj0nhh.com
- https://twitter.com/hasherezade
- https://t.co/0rd9sjhFAW
- http://ASBBypass.ps
- http://amsi-opcode.ps
- http://AMSI-Patch.ps
- http://amsibypass.py
- http://testhandle.py
- http://enummodules.py
- http://me32.sz
- http://fluidattacks.com
- https://www.linkedin.com/in/andres-roldan/
- https://twitter.com/andresroldan
- http://defuse.ca
- Show all