Pentester | OSCE(3) CRTM CRTL GXPN GRTP
Following the previous post where we used a shortcut in the Startup Folder to execute files with the hidden attribute, I did some tests using Alternate Data Streams to store all payloads inside a seemingly benign file.
Under normal conditions it is not possible to delete a binary on Windows while it is running. However, using WinAPIs and Alternate Data Streams we will see a binary can delete itself.
One of the most simple persistence methods when you have access as a non-administrative user is using the Startup folder. However, it is not so easy to go completely unnoticed by the legitimate user.
Notes and custom scripts for DNS exfiltration using DigitalOcean and GoDaddy. This project is a complement for SharpCovertTube, it covers how to receive and decode the DNS exfiltrated data.
A program to control Windows systems remotely by uploading videos to Youtube, using C# for the listener and Python to create the videos. The QR codes can be in cleartext or AES-encrypted values.
niiidoru (“ニードル”) is a framework for Process Injection in Windows developed in Go.
Get process(es) from the process name using NtGetNextProcess and GetProcessImageFileName API calls, a stealthier alternative and written in Go this time.