Introduction: In this post we are going to have a look into the D/Invoke project by TheWover. He also wrote a really good blog post which you can read here where he demonstrates in detail how the w...
Staying Under the Radar - Part 3 - Unhooking DLLs
Introduction In this post we will look into how we can manually unhook DLLs that are attached by the EDRs. We can do this by swapping out the hooked version of ntdll.dll, the DLL to which all the fu...
Staying Under the Radar - Part 2 - Hiding IAT using Delegates
Introduction In this post we are going to look at another technique we can use in C# that can help us keep our imports hidden and the Import Address Table (IAT) clean. This is done by the use of de...
Staying Under the Radar - Part 1 - PPID Spoofing and Blocking DLLs
Introduction In this post we are going to look at two “features” (lol) that Microsoft provided which can allow us to spoof our parent process ID and also block third party DLLs that are not Microso...
Shellcode Injection in C# - Part 3 - QueueUserAPC | EarlyBird
Introduction In this post we are going to look at another method for shellcode execution. This involves using the API call QueueUserAPC. Like previous Process Hollowing, in this we are going to ope...
Shellcode Injection in C# - Part 2 - Process Hollowing
Introduction This post is part 2 of shellcode injection techniques. You can read part 1 here. In this one, we will look into Process Hollowing in C#. Process Hollowing Process Hollowing is a techn...
Shellcode Injection in C# - Part 1 - Process Injection
Introduction In the previous post we discussed how we can use WinAPI in C# and call functions that we can use to build our red team tools. See the post here. In this post we will look into how we can...
WinAPI and P/Invoke in C#
Introduction C# can be a very useful language to start building your initial red team toolkit in. Understandably, it does not provide the covert-ness (not sure if that's an actual word) that we can ...
Guide to DLL Sideloading
Introduction DLL Sideloading is a technique related to DLL Hijacking. It's similar to search order hijacking, but instead of dropping a malicious DLL, in this technique we drop a legitimate DLL and a...
Blackfield - HackTheBox Walkthrough
Introduction This box is a hard difficulty box which has Active Directory installed, made by aas. This box starts with username enumeration to ASREP Roasting, which gives us one user’s hash. Crack...