Herpaderping – Process Herpaderping Bypasses Security Products By Obscuring The Intentions Of A Process

[*] Process Herpaderping is a method of obscuring the intentions of a process by modifying the content on disk after the image has been mapped. This results in curious behavior by security products and the OS itself. Summary Generally, a security product takes action on process creation by registering a callback in the Windows KernelRead More

GIVINGSTORM – Infection Vector That Bypasses AV, IDS, And IPS

The beginnings of a C2 framework. Currently without all the C2 stuff so far. Generates a dual stage VBS infection vector, and a dual stage HTA infection vector. The variables take into account C2 addresses, Koadic/Empire payloads, and a few delivery mechanisms. The payload files are output to an aptly named directory “Payloads” that isRead More

X