https://r0tbyt3.dev/tags/cybersecurity/Recent content in Cybersecurity on Jesus OsegueraHugoen-usSat, 22 Nov 2025 00:00:00 +0000https://r0tbyt3.dev/blog/11-22-2025-cyberforce-competition/Sat, 22 Nov 2025 00:00:00 +0000https://r0tbyt3.dev/blog/11-22-2025-cyberforce-competition/Overview Last weekend I had the opportunity to travel to Tinley Park, Illinois to participate in the 2025 CyberForce Competition hosted by the Department of Energy. This competition brought together 100 teams from universities across the country to compete in a series of cybersecurity challenges utilizing virtual cyber-physical infrastructure, life-like anomalies and constraints, as well as actual end users of the systems. Team Information Our team, representing the University of Nevada, Las Vegas (UNLV), consisted of 6 members from various academic backgrounds:https://r0tbyt3.dev/blog/12-25-2025-tryhackme-advent-of-cyber/Fri, 21 Nov 2025 00:00:00 +0000https://r0tbyt3.dev/blog/12-25-2025-tryhackme-advent-of-cyber/Overview some content about the TryHackMe Advent of Cyber 2025 event.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/abusing-wmi-for-persistence/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/abusing-wmi-for-persistence/Abusing WMI for Persistence Abusing WMI for Persistence - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/acoustic-communication-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/acoustic-communication-exploits/Acoustic Communication Exploits Acoustic Communication Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/Active Directory Active Directory - Microsoft’s directory service for managing users, computers, and policies in Windows domain environments. Active Directory Fundamentals Group Administration IAM Policies Identity and Access Management Fundamentals Identity Federation Pass the Hash Privileged Access Management User Administration Related Links: Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Creation File Operations Windows Administration Windows Exploitation Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/Active Directory Enumeration Active Directory Enumeration - techniques for querying Active Directory to gather information about users, groups, computers, and domain configuration. Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumeration Related Links: Active Directory Create Shortcut via IShellLink COM Interface File Creation File Operations Windows Administration Windows Exploitation Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/active-directory-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/active-directory-fundamentals/Active Directory Fundamentals Active Directory Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Group Administration IAM Policies Identity and Access Management Fundamentals Identity Federation Pass the Hash Privileged Access Management User Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ad-blocker-detection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ad-blocker-detection/Ad Blocker Detection Ad Blocker Detection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/add-binary-icon/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/add-binary-icon/Add Binary Icon Add Binary Icon - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/add-user-to-local-group/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/add-user-to-local-group/Add User to Local Group Add User to Local Group - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/adversary-in-the-middle-aitm-via-evilginx/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/adversary-in-the-middle-aitm-via-evilginx/Adversary in the Middle (AitM) via Evilginx Adversary in the Middle (AitM) via Evilginx - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/AES AES - Advanced Encryption Standard implementations across various libraries and APIs for use in security tooling. AES Decryption Encryption via CTAES Library AES Decryption Encryption via Tiny AES Library AES Decryption Encryption via WinAPIs AES Encryption Decryption Related Links: Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-decryption-encryption-via-ctaes-library/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-decryption-encryption-via-ctaes-library/AES Decryption Encryption via CTAES Library AES Decryption Encryption via CTAES Library - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Decryption Encryption via Tiny AES Library AES Decryption Encryption via WinAPIs AES Encryption Decryptionhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-decryption-encryption-via-tiny-aes-library/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-decryption-encryption-via-tiny-aes-library/AES Decryption Encryption via Tiny AES Library AES Decryption Encryption via Tiny AES Library - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Decryption Encryption via CTAES Library AES Decryption Encryption via WinAPIs AES Encryption Decryptionhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-decryption-encryption-via-winapis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-decryption-encryption-via-winapis/AES Decryption Encryption via WinAPIs AES Decryption Encryption via WinAPIs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Decryption Encryption via CTAES Library AES Decryption Encryption via Tiny AES Library AES Encryption Decryptionhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-encryption-decryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-encryption-decryption/AES Encryption Decryption AES Encryption Decryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Decryption Encryption via CTAES Library AES Decryption Encryption via Tiny AES Library AES Decryption Encryption via WinAPIshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/ai-generated-malware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/ai-generated-malware/AI-Generated Malware AI-Generated Malware - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/AitM and MFA Bypass AitM and MFA Bypass - adversary-in-the-middle proxy techniques and OAuth device code flows used to bypass multi-factor authentication. Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddy Related Links: Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Introduction to Phishing Page Design and Delivery Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/alertable-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/alertable-functions/Alertable Functions Alertable Functions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/alwaysinstallelevated-privilege-escalation-check/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/alwaysinstallelevated-privilege-escalation-check/AlwaysInstallElevated Privilege Escalation Check AlwaysInstallElevated Privilege Escalation Check - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/AMSI Bypass AMSI Bypass - techniques for disabling or circumventing the Antimalware Scan Interface to prevent PowerShell and script content from being scanned. AMSI Bypass Byte Patching AMSI Evasion AMSI Evasion via Hardware Breakpoint Hooks AMSI Evasion via Patching Introduction to AMSI Patchless AMSI Bypass via Hardware Breakpoints Related Links: Anti-Analysis Automated Obfuscation Techniques Code Obfuscation Covering Tracks ETW Bypass NTDLL Unhooking and API Hookinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-bypass-byte-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-bypass-byte-patching/AMSI Bypass Byte Patching AMSI Bypass Byte Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Evasion AMSI Evasion via Hardware Breakpoint Hooks AMSI Evasion via Patching Introduction to AMSI Patchless AMSI Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-evasion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-evasion/AMSI Evasion AMSI Evasion - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Bypass Byte Patching AMSI Evasion via Hardware Breakpoint Hooks AMSI Evasion via Patching Introduction to AMSI Patchless AMSI Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-evasion-via-hardware-breakpoint-hooks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-evasion-via-hardware-breakpoint-hooks/AMSI Evasion via Hardware Breakpoint Hooks AMSI Evasion via Hardware Breakpoint Hooks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Bypass Byte Patching AMSI Evasion AMSI Evasion via Patching Introduction to AMSI Patchless AMSI Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-evasion-via-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-evasion-via-patching/AMSI Evasion via Patching AMSI Evasion via Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Bypass Byte Patching AMSI Evasion AMSI Evasion via Hardware Breakpoint Hooks Introduction to AMSI Patchless AMSI Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/Analysis Methods Analysis Methods - techniques and methodologies for examining malware through static inspection and dynamic execution. Dynamic Analysis Malware Analysis Techniques Static Analysis Related Links: Automated Malware Analysis Maltego Memory Leaks Metasploit Reverse Engineering Urlvoid Virustotalhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/analyzing-and-evading-smuggleshield/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/analyzing-and-evading-smuggleshield/Analyzing and Evading SmuggleShield Analyzing and Evading SmuggleShield - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: HTML Smuggling HTML Smuggling Strategies Integrating Anti-Bot with HTML Smuggling MOTW Bypass via FileFix Variations SVG Smuggling WebAssembly Smugglinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/analyzing-server-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/analyzing-server-security/Analyzing Server Security Analyzing Server Security - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/anonymous-smb-login/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/anonymous-smb-login/Anonymous SMB Login Anonymous SMB Login - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/Anti-Analysis Anti-Analysis - techniques that detect and subvert debugging, virtual machine, and sandbox environments to prevent dynamic malware analysis. Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniques Related Links: AMSI Bypass Automated Obfuscation Techniques Code Obfuscation Covering Tracks ETW Bypass NTDLL Unhooking and API Hookinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-approve-access-via-discord/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-approve-access-via-discord/Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Discord - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-approve-access-via-email/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-approve-access-via-email/Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Email - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-approve-access-via-push-notifications/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-approve-access-via-push-notifications/Anti-Analysis Approve Access via Push Notifications Anti-Analysis Approve Access via Push Notifications - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-dynamic-obfuscation-via-obfuscatorio/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-dynamic-obfuscation-via-obfuscatorio/Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis Dynamic Obfuscation via Obfuscatorio - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-aes-encryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-aes-encryption/Anti-Analysis via AES Encryption Anti-Analysis via AES Encryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-base64-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-base64-obfuscation/Anti-Analysis via Base64 Obfuscation Anti-Analysis via Base64 Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-cookie-check/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-cookie-check/Anti-Analysis via Cookie Check Anti-Analysis via Cookie Check - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-dynamic-encryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-dynamic-encryption/Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic Encryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-dynamic-html-generation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-dynamic-html-generation/Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Dynamic HTML Generation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-fetching-remote-content/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-fetching-remote-content/Anti-Analysis via Fetching Remote Content Anti-Analysis via Fetching Remote Content - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-honeypots/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-honeypots/Anti-Analysis via Honeypots Anti-Analysis via Honeypots - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-invisible-encoding/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-invisible-encoding/Anti-Analysis via Invisible Encoding Anti-Analysis via Invisible Encoding - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-ip-restrictions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-ip-restrictions/Anti-Analysis via IP Restrictions Anti-Analysis via IP Restrictions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-reverse-dns-query/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-reverse-dns-query/Anti-Analysis via Reverse DNS Query Anti-Analysis via Reverse DNS Query - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-website-keying/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-website-keying/Anti-Analysis via Website Keying Anti-Analysis via Website Keying - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-xor-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-xor-obfuscation/Anti-Analysis via XOR Obfuscation Anti-Analysis via XOR Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/Anti-Bot Anti-Bot - techniques for detecting and blocking automated scanners, security bots, and analysis tools from accessing phishing pages. Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprinting Related Links: AitM and MFA Bypass Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Introduction to Phishing Page Design and Delivery Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-library/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-library/Anti-Bot Library Anti-Bot Library - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-advanced-ja4-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-advanced-ja4-analysis/Anti-Bot via Advanced JA4 Analysis Anti-Bot via Advanced JA4 Analysis - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-captcha/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-captcha/Anti-Bot via CAPTCHA Anti-Bot via CAPTCHA - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-improper-window-size/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-improper-window-size/Anti-Bot via Improper Window Size Anti-Bot via Improper Window Size - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-user-agent-filtering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-user-agent-filtering/Anti-Bot via User Agent Filtering Anti-Bot via User Agent Filtering - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-user-agent-spoofing-detection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-user-agent-spoofing-detection/Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Agent Spoofing Detection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-user-interaction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-user-interaction/Anti-Bot via User Interaction Anti-Bot via User Interaction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-techniques/Anti-Debugging Techniques Anti-Debugging Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-ntglobalflag/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-ntglobalflag/Anti-Debugging via NtGlobalFlag Anti-Debugging via NtGlobalFlag - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-ntsystemdebugcontrol/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-ntsystemdebugcontrol/Anti-Debugging via NtSystemDebugControl Anti-Debugging via NtSystemDebugControl - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-processdebugflags/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-processdebugflags/Anti-Debugging via ProcessDebugFlags Anti-Debugging via ProcessDebugFlags - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-ptrace/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-ptrace/Anti-Debugging via Ptrace Anti-Debugging via Ptrace - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-tls-callbacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-tls-callbacks/Anti-Debugging via TLS Callbacks Anti-Debugging via TLS Callbacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-forensic-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-forensic-evasion-techniques/Anti-Forensic Evasion Techniques Anti-Forensic Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/anti-forensic-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/anti-forensic-techniques/Anti-Forensic Techniques Anti-Forensic Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automated Reverse Engineering Digital Forensics Forensics Hayabusa Incident Response Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/anti-forensic-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/anti-forensic-techniques/Anti-Forensic Techniques Anti-Forensic Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Covering Tracks Techniques Data Destruction Techniques File Time Stomping Log Tampering Techniques Self-Deletion Techniques Shadow Copy Deletion Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-malware-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-malware-evasion-techniques/Anti-Malware Evasion Techniques Anti-Malware Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-virtualization-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-virtualization-techniques/Anti-Virtualization Techniques Anti-Virtualization Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-virus-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-virus-evasion-techniques/Anti-Virus Evasion Techniques Anti-Virus Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-string-hashing-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-string-hashing-algorithm/AP String Hashing Algorithm AP String Hashing Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-string-hashing-algorithm-ascii/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-string-hashing-algorithm-ascii/AP String Hashing Algorithm ASCII AP String Hashing Algorithm ASCII - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-string-hashing-syscalls-hash-values-nt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-string-hashing-syscalls-hash-values-nt/AP String Hashing Syscalls Hash Values NT AP String Hashing Syscalls Hash Values NT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-syscalls-hash-values-zw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-syscalls-hash-values-zw/AP Syscalls Hash Values ZW AP Syscalls Hash Values ZW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-winapis-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-winapis-hash-values/AP WinAPIs Hash Values AP WinAPIs Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/apc-injection-via-write-to-process-memory/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/apc-injection-via-write-to-process-memory/APC Injection via Write to Process Memory APC Injection via Write to Process Memory - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/apc-queues/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/apc-queues/APC Queues APC Queues - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/api-hooking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/api-hooking/API Hooking API Hooking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/api-hooking-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/api-hooking-variants/API Hooking Variants API Hooking Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Hardware Hooks NTDLL Unhooking NTDLL Unhooking Variants Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 2https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/api-set-resolution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/api-set-resolution/API Set Resolution API Set Resolution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/Application Security Application Security - the practice of identifying and mitigating vulnerabilities in software applications throughout the development lifecycle. Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attacks Related Links: Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/apt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/apt/APT APT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: OSINT Reconnaissance Techniques Supply Chain Attacks Threat Modeling Fundamentals Zero Dayhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/assembly/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/assembly/Assembly Assembly - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/Authentication and Authorization Authentication and Authorization - attack techniques targeting weak authentication mechanisms and improper access control implementations. Authentication Bypass Techniques Breaking Authentication Breaking Authorization Brute Force vs Password Spraying Related Links: Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/authentication-bypass-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/authentication-bypass-techniques/Authentication Bypass Techniques Authentication Bypass Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Breaking Authentication Breaking Authorization Brute Force vs Password Sprayinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/automate-phishing-infrastructure-ansible/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/automate-phishing-infrastructure-ansible/Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Ansible - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/automate-phishing-infrastructure-terraform/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/automate-phishing-infrastructure-terraform/Automate Phishing Infrastructure Terraform Automate Phishing Infrastructure Terraform - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-botnet-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-botnet-development/Automated Botnet Development Automated Botnet Development - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/automated-c2-infrastructure-setup/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/automated-c2-infrastructure-setup/Automated C2 Infrastructure Setup Automated C2 Infrastructure Setup - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-cryptojacking-malware-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-cryptojacking-malware-development/Automated Cryptojacking Malware Development Automated Cryptojacking Malware Development - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/automated-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/automated-evasion-techniques/Automated Evasion Techniques Automated Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/automated-exploit-generation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/automated-exploit-generation/Automated Exploit Generation Automated Exploit Generation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-fileless-malware-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-fileless-malware-development/Automated Fileless Malware Development Automated Fileless Malware Development - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/automated-malware-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/automated-malware-analysis/Automated Malware Analysis Automated Malware Analysis - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Maltego Memory Leaks Metasploit Reverse Engineering Urlvoid Virustotalhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-malware-delivery-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-malware-delivery-techniques/Automated Malware Delivery Techniques Automated Malware Delivery Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-malware-distribution-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-malware-distribution-techniques/Automated Malware Distribution Techniques Automated Malware Distribution Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/automated-obfuscation-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/automated-obfuscation-techniques/Automated Obfuscation Techniques Automated Obfuscation Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Bypass Anti-Analysis Code Obfuscation Covering Tracks ETW Bypass NTDLL Unhooking and API Hookinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-payload-generation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-payload-generation/Automated Payload Generation Automated Payload Generation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/automated-payload-generation-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/automated-payload-generation-techniques/Automated Payload Generation Techniques Automated Payload Generation Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-polymorphic-and-metamorphic-malware-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-polymorphic-and-metamorphic-malware-development/Automated Polymorphic and Metamorphic Malware Development Automated Polymorphic and Metamorphic Malware Development - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/automated-reverse-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/automated-reverse-engineering/Automated Reverse Engineering Automated Reverse Engineering - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Digital Forensics Forensics Hayabusa Incident Response Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/automated-social-engineering-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/automated-social-engineering-techniques/Automated Social Engineering Techniques Automated Social Engineering Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automated Spear Phishing Email Generation Digital Social Engineering Physical Social Engineering Social Engineering Fundamentals Social Engineering Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/automated-spear-phishing-email-generation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/automated-spear-phishing-email-generation/Automated Spear Phishing Email Generation Automated Spear Phishing Email Generation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automated Social Engineering Techniques Digital Social Engineering Physical Social Engineering Social Engineering Fundamentals Social Engineering Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/automated-vulnerability-discovery/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/automated-vulnerability-discovery/Automated Vulnerability Discovery Automated Vulnerability Discovery - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Exploit Generation Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/av-detection-mechanisms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/av-detection-mechanisms/AV Detection Mechanisms AV Detection Mechanisms - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/avoid-detection-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/avoid-detection-techniques/Avoid Detection Techniques Avoid Detection Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/base-n-encoder-entropy-reduction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/base-n-encoder-entropy-reduction/Base N Encoder Entropy Reduction Base N Encoder Entropy Reduction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/bash/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/bash/Bash Bash - the Bourne Again Shell scripting language used extensively in Linux-based cybersecurity tooling, automation, and offensive operations. Bash Fundamentals Related Links: Application Security Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/bash/bash-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/bash/bash-fundamentals/Bash Fundamentals Bash Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links:https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/Beacon Object Files (BOF) Beacon Object Files (BOF) - position-independent code objects executed in-process by C2 frameworks such as Cobalt Strike for post-exploitation. BOF Execution Introduction to BOF LSASS Dump BOF Object File Loader with Module Stomping Threadless Shellcode Injection via HWBPs BOF Writing BOF Files Related Links: C2 and Networking Credential Dumping Malware Concepts Payload and PE Persistence Process Injection Sleep Obfuscation Windows Internalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/binary-metadata-modification/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/binary-metadata-modification/Binary Metadata Modification Binary Metadata Modification - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/binary-properties-icon-metadata/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/binary-properties-icon-metadata/Binary Properties Icon Metadata Binary Properties Icon Metadata - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-atsvc-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-atsvc-via-named-pipe/Bind to ATSVC via Named Pipe Bind to ATSVC via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-bkrp-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-bkrp-via-named-pipe/Bind to BKRP via Named Pipe Bind to BKRP via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-epm-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-epm-via-named-pipe/Bind to EPM via Named Pipe Bind to EPM via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-lsad-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-lsad-via-named-pipe/Bind to LSAD via Named Pipe Bind to LSAD via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-lsat-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-lsat-via-named-pipe/Bind to LSAT via Named Pipe Bind to LSAT via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-nrpc-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-nrpc-via-named-pipe/Bind to NRPC via Named Pipe Bind to NRPC via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-rprn-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-rprn-via-named-pipe/Bind to RPRN via Named Pipe Bind to RPRN via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-rrp-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-rrp-via-named-pipe/Bind to RRP via Named Pipe Bind to RRP via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-samr-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-samr-via-named-pipe/Bind to SAMR via Named Pipe Bind to SAMR via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-scmr-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-scmr-via-named-pipe/Bind to SCMR via Named Pipe Bind to SCMR via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-srvs-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-srvs-via-named-pipe/Bind to SRVS via Named Pipe Bind to SRVS via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-wkst-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-wkst-via-named-pipe/Bind to WKST via Named Pipe Bind to WKST via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/block-dll-policy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/block-dll-policy/Block DLL Policy Block DLL Policy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/blocking-driver-loading-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/blocking-driver-loading-kernel/Blocking Driver Loading Kernel Blocking Driver Loading Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/bluetooth-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/bluetooth-exploits/Bluetooth Exploits Bluetooth Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/bof-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/bof-execution/BOF Execution BOF Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Introduction to BOF LSASS Dump BOF Object File Loader with Module Stomping Threadless Shellcode Injection via HWBPs BOF Writing BOF Fileshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/breaking-authentication/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/breaking-authentication/Breaking Authentication Breaking Authentication - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication Bypass Techniques Breaking Authorization Brute Force vs Password Sprayinghttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/breaking-authorization/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/breaking-authorization/Breaking Authorization Breaking Authorization - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication Bypass Techniques Breaking Authentication Brute Force vs Password Sprayinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/bring-your-own-file-extension/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/bring-your-own-file-extension/Bring Your Own File Extension Bring Your Own File Extension - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/bring-your-own-protocol-handler/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/bring-your-own-protocol-handler/Bring Your Own Protocol Handler Bring Your Own Protocol Handler - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/bring-your-own-vulnerable-driver-byovd/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/bring-your-own-vulnerable-driver-byovd/Bring Your Own Vulnerable Driver (BYOVD) Bring Your Own Vulnerable Driver (BYOVD) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/brute-force-vs-password-spraying/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/brute-force-vs-password-spraying/Brute Force vs Password Spraying Brute Force vs Password Spraying - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication Bypass Techniques Breaking Authentication Breaking Authorizationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/brute-force-vs-password-spraying-windows/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/brute-force-vs-password-spraying-windows/Brute Force vs Password Spraying Windows Brute Force vs Password Spraying Windows - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/brute-forcing-key-decryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/brute-forcing-key-decryption/Brute Forcing Key Decryption Brute Forcing Key Decryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/buffer-overflows/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/buffer-overflows/Buffer Overflows Buffer Overflows - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: CSRF Directory Traversal SQL Injection Timing Attacks XSShttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/building-a-drm-equipped-malware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/building-a-drm-equipped-malware/Building a DRM-Equipped Malware Building a DRM-Equipped Malware - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-a-loader/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-a-loader/Building a Loader Building a Loader - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-a-pe-packer/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-a-pe-packer/Building a PE Packer Building a PE Packer - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-an-evasive-dll-payload-loader/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-an-evasive-dll-payload-loader/Building an Evasive DLL Payload Loader Building an Evasive DLL Payload Loader - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/Burp Suite Burp Suite - an integrated web application security testing platform used for intercepting, inspecting, and manipulating HTTP traffic. Burp Suite Fundamentals Intercepting Proxy Intruder Repeater Scanner Related Links: Application Security Bash Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/burp-suite-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/burp-suite-fundamentals/Burp Suite Fundamentals Burp Suite Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Intercepting Proxy Intruder Repeater Scannerhttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/business-email-compromise/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/business-email-compromise/Business Email Compromise Business Email Compromise - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Drive-By Downloads File Sharing and Removable Media Phishing Overview Typo Squatting Watering Hole Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/bypass-eaf-export-address-filtering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/bypass-eaf-export-address-filtering/Bypass EAF Export Address Filtering Bypass EAF Export Address Filtering - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/c-programming/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/c-programming/C Programming C Programming - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/C2 and Networking C2 and Networking - command-and-control communication patterns, protocol abuse, and network-based techniques used in post-exploitation operations. Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/c2-communication-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/c2-communication-techniques/C2 Communication Techniques C2 Communication Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/caesar-cipher-encryption-decryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/caesar-cipher-encryption-decryption/Caesar Cipher Encryption Decryption Caesar Cipher Encryption Decryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/capturing-and-saving-screenshots-into-memory/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/capturing-and-saving-screenshots-into-memory/Capturing and Saving Screenshots into Memory Capturing and Saving Screenshots into Memory - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/cfg-query/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/cfg-query/CFG Query CFG Query - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/chacha20-encryption-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/chacha20-encryption-algorithm/ChaCha20 Encryption Algorithm ChaCha20 Encryption Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/check-debug-object-handle/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/check-debug-object-handle/Check Debug Object Handle Check Debug Object Handle - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/check-debug-object-handle-via-ntqueryinformationprocess/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/check-debug-object-handle-via-ntqueryinformationprocess/Check Debug Object Handle via NtQueryInformationProcess Check Debug Object Handle via NtQueryInformationProcess - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/check-hkcu-alwaysinstallelevated/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/check-hkcu-alwaysinstallelevated/Check HKCU AlwaysInstallElevated Check HKCU AlwaysInstallElevated - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/check-hklm-alwaysinstallelevated/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/check-hklm-alwaysinstallelevated/Check HKLM AlwaysInstallElevated Check HKLM AlwaysInstallElevated - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/check-hyper-v-status/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/check-hyper-v-status/Check Hyper-V Status Check Hyper-V Status - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/check-if-process-is-wow64/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/check-if-process-is-wow64/Check If Process Is WOW64 Check If Process Is WOW64 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/check-if-rpc-server-is-listening-c706-mgmt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/check-if-rpc-server-is-listening-c706-mgmt/Check If RPC Server Is Listening C706 Mgmt Check If RPC Server Is Listening C706 Mgmt - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/check-process-admin-privileges-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/check-process-admin-privileges-kernel/Check Process Admin Privileges Kernel Check Process Admin Privileges Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/check-process-elevation-status/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/check-process-elevation-status/Check Process Elevation Status Check Process Elevation Status - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/check-token-elevation-status-via-ntqueryinformationtoken/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/check-token-elevation-status-via-ntqueryinformationtoken/Check Token Elevation Status via NtQueryInformationToken Check Token Elevation Status via NtQueryInformationToken - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/cia-triad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/cia-triad/CIA Triad CIA Triad - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Information Security Models Overview Privacyhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/cleaning-driver-artifacts-from-memory-dumps-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/cleaning-driver-artifacts-from-memory-dumps-kernel/Cleaning Driver Artifacts from Memory Dumps Kernel Cleaning Driver Artifacts from Memory Dumps Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/clickfix-run-dialog-alternatives/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/clickfix-run-dialog-alternatives/ClickFix Run Dialog Alternatives ClickFix Run Dialog Alternatives - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cloning Websites via Browser Extension Designing Custom Phishing Pages Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to ClickFix Introduction to Flask Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/client-analysis-via-cloudflare-workers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/client-analysis-via-cloudflare-workers/Client Analysis via Cloudflare Workers Client Analysis via Cloudflare Workers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/client-logging-library/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/client-logging-library/Client Logging Library Client Logging Library - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/clipboard-data-theft/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/clipboard-data-theft/Clipboard Data Theft Clipboard Data Theft - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/cloning-detection-mechanisms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/cloning-detection-mechanisms/Cloning Detection Mechanisms Cloning Detection Mechanisms - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/cloning-websites-via-browser-extension/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/cloning-websites-via-browser-extension/Cloning Websites via Browser Extension Cloning Websites via Browser Extension - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Designing Custom Phishing Pages Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to ClickFix Introduction to Flask Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/Code Obfuscation Code Obfuscation - techniques that transform malware code to disguise its true purpose and evade signature-based and heuristic detection. AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniques Related Links: AMSI Bypass Anti-Analysis Automated Obfuscation Techniques Covering Tracks ETW Bypass NTDLL Unhooking and API Hookinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/code-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/code-obfuscation/Code Obfuscation Code Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/collecting-and-analyzing-bot-telemetry/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/collecting-and-analyzing-bot-telemetry/Collecting and Analyzing Bot Telemetry Collecting and Analyzing Bot Telemetry - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/collecting-and-analyzing-ja4-bot-telemetry/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/collecting-and-analyzing-ja4-bot-telemetry/Collecting and Analyzing JA4 Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/command-and-control-patterns/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/command-and-control-patterns/Command and Control Patterns Command and Control Patterns - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/command-line-argument-spoofing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/command-line-argument-spoofing/Command Line Argument Spoofing Command Line Argument Spoofing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/common-exploit-frameworks-and-tools/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/common-exploit-frameworks-and-tools/Common Exploit Frameworks and Tools Common Exploit Frameworks and Tools - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/compile-time-getmodulehandle/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/compile-time-getmodulehandle/Compile-Time GetModuleHandle Compile-Time GetModuleHandle - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/compile-time-getprocaddress/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/compile-time-getprocaddress/Compile-Time GetProcAddress Compile-Time GetProcAddress - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/compile-time-hash-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/compile-time-hash-obfuscation/Compile-Time Hash Obfuscation Compile-Time Hash Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/compile-time-string-encryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/compile-time-string-encryption/Compile-Time String Encryption Compile-Time String Encryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/connect-to-samr-server-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/connect-to-samr-server-ms-samr/Connect to SAMR Server MS-SAMR Connect to SAMR Server MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/controlling-payload-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/controlling-payload-execution/Controlling Payload Execution Controlling Payload Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/Covering Tracks Covering Tracks - techniques to erase or tamper with forensic evidence including logs, timestamps, and file system artifacts after a compromise. Anti-Forensic Techniques Covering Tracks Techniques Data Destruction Techniques File Time Stomping Log Tampering Techniques Self-Deletion Techniques Shadow Copy Deletion Timestomping Techniques Related Links: AMSI Bypass Anti-Analysis Automated Obfuscation Techniques Code Obfuscation ETW Bypass NTDLL Unhooking and API Hookinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/covering-tracks-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/covering-tracks-techniques/Covering Tracks Techniques Covering Tracks Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Data Destruction Techniques File Time Stomping Log Tampering Techniques Self-Deletion Techniques Shadow Copy Deletion Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/hashing/crc-djb2-lose-lose-hashing-algorithms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/hashing/crc-djb2-lose-lose-hashing-algorithms/CRC DJB2 Lose Lose Hashing Algorithms CRC DJB2 Lose Lose Hashing Algorithms - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Hashing Fundamentals Multiple Hashing Algorithmshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/create-a-dll-template/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/create-a-dll-template/Create a DLL Template Create a DLL Template - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/create-a-group-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/create-a-group-ms-samr/Create a Group MS-SAMR Create a Group MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-local-remote-service/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-local-remote-service/Create Local Remote Service Create Local Remote Service - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-local-user/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-local-user/Create Local User Create Local User - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-local-user-account/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-local-user-account/Create Local User Account Create Local User Account - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-remote-service/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-remote-service/Create Remote Service Create Remote Service - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/create-shortcut-via-ishelllink-com-interface/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/create-shortcut-via-ishelllink-com-interface/Create Shortcut via IShellLink COM Interface Create Shortcut via IShellLink COM Interface - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Active Directory Enumeration File Creation File Operations Windows Administration Windows Exploitation Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/Credential Dumping Credential Dumping - techniques for extracting authentication credentials from memory, registry, disk, and browser storage on compromised systems. Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumping Related Links: Beacon Object Files (BOF) C2 and Networking Malware Concepts Payload and PE Persistence Process Injection Sleep Obfuscation Windows Internalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/cross-architecture-injection-x86-to-x64/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/cross-architecture-injection-x86-to-x64/Cross-Architecture Injection x86 to x64 Cross-Architecture Injection x86 to x64 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/crt-library-removal/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/crt-library-removal/CRT Library Removal CRT Library Removal - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/crt-removal/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/crt-removal/CRT Removal CRT Removal - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/cryptographic-algorithms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/cryptographic-algorithms/Cryptographic Algorithms Cryptographic Algorithms - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cryptography Fundamentals Data Anonymization Techniques Data Masking Techniques Secure Communication Techniques Steganographyhttps://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/Cryptography Cryptography - the study of techniques for secure communication and data protection using mathematical algorithms and protocols. Cryptographic Algorithms Cryptography Fundamentals Data Anonymization Techniques Data Masking Techniques Secure Communication Techniques Steganography Related Links: Application Security Bash Burp Suite Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/cryptography-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/cryptography-fundamentals/Cryptography Fundamentals Cryptography Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cryptographic Algorithms Data Anonymization Techniques Data Masking Techniques Secure Communication Techniques Steganographyhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/cryptojacking-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/cryptojacking-exploits/Cryptojacking Exploits Cryptojacking Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/csrf/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/csrf/CSRF CSRF - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Buffer Overflows Directory Traversal SQL Injection Timing Attacks XSShttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/custom-built-tools-demonstration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/custom-built-tools-demonstration/Custom Built Tools Demonstration Custom Built Tools Demonstration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/custom-smb-client/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/custom-smb-client/Custom SMB Client Custom SMB Client - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/custom-winapi-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/custom-winapi-functions/Custom WinAPI Functions Custom WinAPI Functions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/customizing-evilginx-opsec-configuration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/customizing-evilginx-opsec-configuration/Customizing Evilginx OPSEC Configuration Customizing Evilginx OPSEC Configuration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/Cybersecurity Map Cybersecurity - the practice of protecting computer systems, networks, and data from unauthorized access, attacks, and damage. Application Security Bash Burp Suite Cryptography Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wireshark Related Links: Backend Engineering DevOps and Platform Engineering Embedded Systems Homehttps://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/data-anonymization-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/data-anonymization-techniques/Data Anonymization Techniques Data Anonymization Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cryptographic Algorithms Cryptography Fundamentals Data Masking Techniques Secure Communication Techniques Steganographyhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/data-destruction-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/data-destruction-techniques/Data Destruction Techniques Data Destruction Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Covering Tracks Techniques File Time Stomping Log Tampering Techniques Self-Deletion Techniques Shadow Copy Deletion Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/data-encryption-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/data-encryption-techniques/Data Encryption Techniques Data Encryption Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/data-exfiltration-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/data-exfiltration-techniques/Data Exfiltration Techniques Data Exfiltration Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/data-masking-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/data-masking-techniques/Data Masking Techniques Data Masking Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cryptographic Algorithms Cryptography Fundamentals Data Anonymization Techniques Secure Communication Techniques Steganographyhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/database-setup-mysql/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/database-setup-mysql/Database Setup MySQL Database Setup MySQL - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/deauth/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/deauth/Deauth Deauth - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/delete-a-group-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/delete-a-group-ms-samr/Delete a Group MS-SAMR Delete a Group MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/delete-remote-service/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/delete-remote-service/Delete Remote Service Delete Remote Service - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/deploying-phishing-infrastructure/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/deploying-phishing-infrastructure/Deploying Phishing Infrastructure Deploying Phishing Infrastructure - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/designing-custom-phishing-pages/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/designing-custom-phishing-pages/Designing Custom Phishing Pages Designing Custom Phishing Pages - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to ClickFix Introduction to Flask Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-methods/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-methods/Detect Virtualization Methods Detect Virtualization Methods - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-via-hardware-specification/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-via-hardware-specification/Detect Virtualization via Hardware Specification Detect Virtualization via Hardware Specification - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-via-monitor-resolution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-via-monitor-resolution/Detect Virtualization via Monitor Resolution Detect Virtualization via Monitor Resolution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-via-user-interaction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-via-user-interaction/Detect Virtualization via User Interaction Detect Virtualization via User Interaction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualized-environments/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualized-environments/Detect Virtualized Environments Detect Virtualized Environments - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/detecting-headless-browsers-via-webdriver-property/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/detecting-headless-browsers-via-webdriver-property/Detecting Headless Browsers via WebDriver Property Detecting Headless Browsers via WebDriver Property - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/detection-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/detection-engineering/Detection Engineering Detection Engineering - the systematic development and tuning of detection rules, analytics, and coverage mappings against adversary techniques. Detection Engineering Fundamentals MITRE ATT&CK Mapping Related Links: Endpoint Security SIEM and Tools SOC Honeypots Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/detection-engineering/detection-engineering-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/detection-engineering/detection-engineering-fundamentals/Detection Engineering Fundamentals Detection Engineering Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: MITRE ATT&CK Mappinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/developing-a-keylogger/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/developing-a-keylogger/Developing a Keylogger Developing a Keylogger - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/Digital Forensics Digital Forensics - the collection, preservation, and analysis of digital evidence from storage media, memory, and network artifacts. Disk Forensics Host Forensics Fundamentals Memory Forensics Related Links: Anti-Forensic Techniques Automated Reverse Engineering Forensics Hayabusa Incident Response Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/Digital Social Engineering Digital Social Engineering - online-based manipulation techniques that exploit trust, urgency, and human psychology to achieve unauthorized access. Business Email Compromise Drive-By Downloads File Sharing and Removable Media Phishing Overview Typo Squatting Watering Hole Attacks Related Links: Automated Social Engineering Techniques Automated Spear Phishing Email Generation Physical Social Engineering Social Engineering Fundamentals Social Engineering Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/directory-traversal/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/directory-traversal/Directory Traversal Directory Traversal - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Buffer Overflows CSRF SQL Injection Timing Attacks XSShttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/disabling-the-debugger-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/disabling-the-debugger-kernel/Disabling the Debugger Kernel Disabling the Debugger Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/disk-forensics/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/disk-forensics/Disk Forensics Disk Forensics - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Host Forensics Fundamentals Memory Forensicshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/disk-interaction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/disk-interaction/Disk Interaction Disk Interaction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/dll-hijacking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/dll-hijacking/DLL Hijacking DLL Hijacking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/dll-injection-via-zwcreatethreadex-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/dll-injection-via-zwcreatethreadex-kernel/DLL Injection via ZwCreateThreadEx Kernel DLL Injection via ZwCreateThreadEx Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/dll-injection-via-zwcreatethreadex-kernel-internals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/dll-injection-via-zwcreatethreadex-kernel-internals/DLL Injection via ZwCreateThreadEx Kernel Internals DLL Injection via ZwCreateThreadEx Kernel Internals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/dll-sideloading-for-edr-evasion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/dll-sideloading-for-edr-evasion/DLL Sideloading for EDR Evasion DLL Sideloading for EDR Evasion - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/dll-sideloading-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/dll-sideloading-overview/DLL Sideloading Overview DLL Sideloading Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/dll-sideloading-practical-example/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/dll-sideloading-practical-example/DLL Sideloading Practical Example DLL Sideloading Practical Example - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/dll-sideloading-via-at.exe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/dll-sideloading-via-at.exe/DLL Sideloading via at.exe DLL Sideloading via at.exe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/dmz/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/dmz/DMZ DMZ - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Firewalls Overview Honeypots Jump Server Microsegmentation Network Segmentation Port Blocking Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/dns/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/dns/DNS DNS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Handshakes HTTPS Networking Networking Fundamentals Subnettinghttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/dns-lookup/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/dns-lookup/DNS Lookup DNS Lookup - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Host Check ICMP Echo Network Attacks Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/dns-poisoning/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/dns-poisoning/DNS Poisoning DNS Poisoning - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: MITM Network Attacks Overview Packet Sniffing Exploits Spoofing VLAN Hopping VMescape Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/domain-and-dns-configuration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/domain-and-dns-configuration/Domain and DNS Configuration Domain and DNS Configuration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/domain-generation-algorithms-dga/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/domain-generation-algorithms-dga/Domain Generation Algorithms (DGA) Domain Generation Algorithms (DGA) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/domain-join-check/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/domain-join-check/Domain Join Check Domain Join Check - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/domain-registration-kill-switch/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/domain-registration-kill-switch/Domain Registration Kill Switch Domain Registration Kill Switch - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/download-and-upload-via-smb/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/download-and-upload-via-smb/Download and Upload via SMB Download and Upload via SMB - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/download-file-via-bits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/download-file-via-bits/Download File via BITS Download File via BITS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/drive-by-downloads/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/drive-by-downloads/Drive-By Downloads Drive-By Downloads - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Business Email Compromise File Sharing and Removable Media Phishing Overview Typo Squatting Watering Hole Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/drm-equipped-malware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/drm-equipped-malware/DRM-Equipped Malware DRM-Equipped Malware - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-browser-cookies-chrome/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-browser-cookies-chrome/Dumping Browser Cookies Chrome Dumping Browser Cookies Chrome - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-browser-cookies-firefox/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-browser-cookies-firefox/Dumping Browser Cookies Firefox Dumping Browser Cookies Firefox - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-saved-logins-chrome/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-saved-logins-chrome/Dumping Saved Logins Chrome Dumping Saved Logins Chrome - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-saved-logins-firefox/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-saved-logins-firefox/Dumping Saved Logins Firefox Dumping Saved Logins Firefox - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-the-sam-database/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-the-sam-database/Dumping the SAM Database Dumping the SAM Database - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-the-sam-from-disk/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-the-sam-from-disk/Dumping the SAM from Disk Dumping the SAM from Disk - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-the-sam-remotely/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-the-sam-remotely/Dumping the SAM Remotely Dumping the SAM Remotely - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/dumpster-diving/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/dumpster-diving/Dumpster Diving Dumpster Diving - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Impersonation Techniques Lock Picking Pretextinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/dynamic-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/dynamic-analysis/Dynamic Analysis Dynamic Analysis - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Malware Analysis Techniques Static Analysishttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/dynamic-device-code-phishing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/dynamic-device-code-phishing/Dynamic Device Code Phishing Dynamic Device Code Phishing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-control-flow-guard/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-control-flow-guard/Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Control Flow Guard - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-restored-file-section-protections/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-restored-file-section-protections/Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with Restored File Section Protections - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-rtlencryptmemory-and-rtldecryptmemory/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-rtlencryptmemory-and-rtldecryptmemory/Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-stack-spoofing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-stack-spoofing/Ekko Sleep Obfuscation with Stack Spoofing Ekko Sleep Obfuscation with Stack Spoofing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/elevate-process-to-system/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/elevate-process-to-system/Elevate Process to SYSTEM Elevate Process to SYSTEM - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/elevate-process-to-system-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/elevate-process-to-system-kernel/Elevate Process to SYSTEM Kernel Elevate Process to SYSTEM Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/email-attachments-and-phishing-campaigns/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/email-attachments-and-phishing-campaigns/Email Attachments and Phishing Campaigns Email Attachments and Phishing Campaigns - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AitM and MFA Bypass Anti-Bot HTML Smuggling Infrastructure Introduction to Phishing Page Design and Delivery Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/enable-disable-rdp/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/enable-disable-rdp/Enable Disable RDP Enable Disable RDP - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/enable-disable-restricted-admin/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/enable-disable-restricted-admin/Enable Disable Restricted Admin Enable Disable Restricted Admin - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/enable-remote-desktop-via-registry/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/enable-remote-desktop-via-registry/Enable Remote Desktop via Registry Enable Remote Desktop via Registry - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/enable-sedebugprivilege/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/enable-sedebugprivilege/Enable SeDebugPrivilege Enable SeDebugPrivilege - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/enable-sedebugprivilege-exploitation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/enable-sedebugprivilege-exploitation/Enable SeDebugPrivilege Exploitation Enable SeDebugPrivilege Exploitation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/enable-wdigest/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/enable-wdigest/Enable WDigest Enable WDigest - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/enable-wdigest-for-credential-capture/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/enable-wdigest-for-credential-capture/Enable WDigest for Credential Capture Enable WDigest for Credential Capture - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/Encryption Encryption - the process of encoding data using cryptographic algorithms so that only authorized parties can decode and read it. AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Byte Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/encryption-and-packing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/encryption-and-packing/Encryption and Packing Encryption and Packing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/encryption-and-packing-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/encryption-and-packing-techniques/Encryption and Packing Techniques Encryption and Packing Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/encryption-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/encryption-fundamentals/Encryption Fundamentals Encryption Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/endpoint-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/endpoint-security/Endpoint Security Endpoint Security - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Detection Engineering SIEM and Tools SOC Honeypots Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-a-domain-groups-members/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-a-domain-groups-members/Enumerate A Domain Groups Members Enumerate A Domain Groups Members - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-accounts-with-password-never-expiring/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-accounts-with-password-never-expiring/Enumerate Accounts with Password Never Expiring Enumerate Accounts with Password Never Expiring - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-aliases-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-aliases-ms-samr/Enumerate Aliases MS-SAMR Enumerate Aliases MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-all-groups-in-the-domain/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-all-groups-in-the-domain/Enumerate All Groups in the Domain Enumerate All Groups in the Domain - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-as-rep-roastable-accounts/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-as-rep-roastable-accounts/Enumerate AS-REP Roastable Accounts Enumerate AS-REP Roastable Accounts - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-connections-ms-srvs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-connections-ms-srvs/Enumerate Connections MS-SRVS Enumerate Connections MS-SRVS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-disabled-user-accounts/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-disabled-user-accounts/Enumerate Disabled User Accounts Enumerate Disabled User Accounts - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-domain-admins-members/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-domain-admins-members/Enumerate Domain Admins Members Enumerate Domain Admins Members - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-domain-computers-by-keyword/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-domain-computers-by-keyword/Enumerate Domain Computers by Keyword Enumerate Domain Computers by Keyword - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-domains-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-domains-ms-samr/Enumerate Domains MS-SAMR Enumerate Domains MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-electron-fuses/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-electron-fuses/Enumerate Electron Fuses Enumerate Electron Fuses - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-group-policy-objects-gpos/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-group-policy-objects-gpos/Enumerate Group Policy Objects (GPOs) Enumerate Group Policy Objects (GPOs) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-groups-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-groups-ms-samr/Enumerate Groups MS-SAMR Enumerate Groups MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-locked-out-user-accounts/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-locked-out-user-accounts/Enumerate Locked Out User Accounts Enumerate Locked Out User Accounts - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-logged-on-users-level-0-ms-wkst/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-logged-on-users-level-0-ms-wkst/Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 0 MS-WKST - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-logged-on-users-level-1-ms-wkst/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-logged-on-users-level-1-ms-wkst/Enumerate Logged On Users Level 1 MS-WKST Enumerate Logged On Users Level 1 MS-WKST - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-lsad-accounts-ms-lsad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-lsad-accounts-ms-lsad/Enumerate LSAD Accounts MS-LSAD Enumerate LSAD Accounts MS-LSAD - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-must-change-password-accounts/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-must-change-password-accounts/Enumerate Must Change Password Accounts Enumerate Must Change Password Accounts - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-netbios-names/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-netbios-names/Enumerate NetBIOS Names Enumerate NetBIOS Names - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-organizational-units-ous/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-organizational-units-ous/Enumerate Organizational Units (OUs) Enumerate Organizational Units (OUs) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-process-memory-maps/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-process-memory-maps/Enumerate Process Memory Maps Enumerate Process Memory Maps - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-protected-admin-users/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-protected-admin-users/Enumerate Protected Admin Users Enumerate Protected Admin Users - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-remote-host/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-remote-host/Enumerate Remote Host Enumerate Remote Host - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-rpc-interfaces-c706-mgmt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-rpc-interfaces-c706-mgmt/Enumerate RPC Interfaces C706-MGMT Enumerate RPC Interfaces C706-MGMT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-system-privileges-ms-lsad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-system-privileges-ms-lsad/Enumerate System Privileges MS-LSAD Enumerate System Privileges MS-LSAD - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-user-service-accounts-spn/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-user-service-accounts-spn/Enumerate User Service Accounts SPN Enumerate User Service Accounts SPN - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-userpassword-attribute/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-userpassword-attribute/Enumerate UserPassword Attribute Enumerate UserPassword Attribute - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-ms-samr/Enumerate Users MS-SAMR Enumerate Users MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-requiring-smartcard-for-logon/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-requiring-smartcard-for-logon/Enumerate Users Requiring Smartcard for Logon Enumerate Users Requiring Smartcard for Logon - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-who-never-logged-in/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-who-never-logged-in/Enumerate Users Who Never Logged In Enumerate Users Who Never Logged In - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-with-password-never-expiring/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-with-password-never-expiring/Enumerate Users with Password Never Expiring Enumerate Users with Password Never Expiring - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-with-password-not-required/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-with-password-not-required/Enumerate Users with Password Not Required Enumerate Users with Password Not Required - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-with-reversible-encryption-enabled/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-with-reversible-encryption-enabled/Enumerate Users with Reversible Encryption Enabled Enumerate Users with Reversible Encryption Enabled - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-workstation-transports-level-0-ms-wkst/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-workstation-transports-level-0-ms-wkst/Enumerate Workstation Transports Level 0 MS-WKST Enumerate Workstation Transports Level 0 MS-WKST - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/ETW Bypass ETW Bypass - techniques for disabling or subverting Event Tracing for Windows to prevent telemetry collection by EDR and monitoring tools. ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpoints Related Links: AMSI Bypass Anti-Analysis Automated Obfuscation Techniques Code Obfuscation Covering Tracks NTDLL Unhooking and API Hookinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-bypass-byte-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-bypass-byte-patching/ETW Bypass Byte Patching ETW Bypass Byte Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-bypass-improved-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-bypass-improved-patching/ETW Bypass Improved Patching ETW Bypass Improved Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-discovering-etw-tools/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-discovering-etw-tools/ETW Discovering ETW Tools ETW Discovering ETW Tools - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion/ETW Evasion ETW Evasion - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-nttraceevent-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-nttraceevent-patching/ETW Evasion via NtTraceEvent Patching ETW Evasion via NtTraceEvent Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-patching/ETW Evasion via Patching ETW Evasion via Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-patching-etwpeventwrite/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-patching-etwpeventwrite/ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-patching-etwpeventwrite-v2/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-patching-etwpeventwrite-v2/ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via Patching EtwpEventWrite v2 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-winapis-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-winapis-patching/ETW Evasion via WinAPIs Patching ETW Evasion via WinAPIs Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-provider-session-hijacking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-provider-session-hijacking/ETW Provider Session Hijacking ETW Provider Session Hijacking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/evading-google-safe-browsing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/evading-google-safe-browsing/Evading Google Safe Browsing Evading Google Safe Browsing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/evasion-with-file-bloating/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/evasion-with-file-bloating/Evasion with File Bloating Evasion with File Bloating - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/evil-twin-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/evil-twin-attacks/Evil Twin Attacks Evil Twin Attacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/evilginx-phishlet-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/evilginx-phishlet-development/Evilginx Phishlet Development Evilginx Phishlet Development - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/evilginx-url-rewriting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/evilginx-url-rewriting/Evilginx URL Rewriting Evilginx URL Rewriting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/execute-shell-command/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/execute-shell-command/Execute Shell Command Execute Shell Command - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-commands-via-ishelldispatch2-com-interface/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-commands-via-ishelldispatch2-com-interface/Executing Commands via IShellDispatch2 COM Interface Executing Commands via IShellDispatch2 COM Interface - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-files-via-ihxhelppaneserver-com-interface/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-files-via-ihxhelppaneserver-com-interface/Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxHelpPaneServer COM Interface - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-files-via-ihxinteractiveuser-com-interface/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-files-via-ihxinteractiveuser-com-interface/Executing Files via IHxInteractiveUser COM Interface Executing Files via IHxInteractiveUser COM Interface - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-cloud-infrastructure/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-cloud-infrastructure/Exploiting Cloud Infrastructure Exploiting Cloud Infrastructure - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Containerized Environments Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Mobile Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-containerized-environments/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-containerized-environments/Exploiting Containerized Environments Exploiting Containerized Environments - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Mobile Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/exploiting-edr-for-evasion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/exploiting-edr-for-evasion/Exploiting EDR for Evasion Exploiting EDR for Evasion - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-embedded-systems/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-embedded-systems/Exploiting Embedded Systems Exploiting Embedded Systems - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Mobile Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-industrial-control-systems-ics/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-industrial-control-systems-ics/Exploiting Industrial Control Systems (ICS) Exploiting Industrial Control Systems (ICS) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Embedded Systems Exploiting IoT Devices Exploiting Mobile Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-iot-devices/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-iot-devices/Exploiting IoT Devices Exploiting IoT Devices - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting Mobile Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-mobile-devices/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-mobile-devices/Exploiting Mobile Devices Exploiting Mobile Devices - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-operational-technology-ot-systems/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-operational-technology-ot-systems/Exploiting Operational Technology (OT) Systems Exploiting Operational Technology (OT) Systems - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Mobile Devices Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-serverless-environments/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-serverless-environments/Exploiting Serverless Environments Exploiting Serverless Environments - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Mobile Devices Exploiting Operational Technology (OT) Systemshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/extract-wifi-passwords/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/extract-wifi-passwords/Extract WiFi Passwords Extract WiFi Passwords - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-peb/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-peb/Fetch a Pointer to PEB Fetch a Pointer to PEB - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-peb-arm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-peb-arm/Fetch a Pointer to PEB ARM Fetch a Pointer to PEB ARM - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-teb/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-teb/Fetch a Pointer to TEB Fetch a Pointer to TEB - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-dos-header/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-dos-header/Fetch Image DOS Header Fetch Image DOS Header - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-headers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-headers/Fetch Image Headers Fetch Image Headers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-nt-headers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-nt-headers/Fetch Image NT Headers Fetch Image NT Headers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/fetch-payload-via-url/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/fetch-payload-via-url/Fetch Payload via URL Fetch Payload via URL - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/fetch-payload-via-url-using-iwinhttprequest-com-interface/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/fetch-payload-via-url-using-iwinhttprequest-com-interface/Fetch Payload via URL using IWinHttpRequest COM Interface Fetch Payload via URL using IWinHttpRequest COM Interface - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/fetching-lsass-handle-and-bypassing-ppl/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/fetching-lsass-handle-and-bypassing-ppl/Fetching LSASS Handle and Bypassing PPL Fetching LSASS Handle and Bypassing PPL - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/file-creation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/file-creation/File Creation File Creation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Operations Windows Administration Windows Exploitation Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/file-entropy-reduction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/file-entropy-reduction/File Entropy Reduction File Entropy Reduction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/file-entropy-reduction-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/file-entropy-reduction-techniques/File Entropy Reduction Techniques File Entropy Reduction Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/file-operations/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/file-operations/File Operations File Operations - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Creation Windows Administration Windows Exploitation Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/file-sharing-and-removable-media/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/file-sharing-and-removable-media/File Sharing and Removable Media File Sharing and Removable Media - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Business Email Compromise Drive-By Downloads Phishing Overview Typo Squatting Watering Hole Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/file-time-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/file-time-stomping/File Time Stomping File Time Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Covering Tracks Techniques Data Destruction Techniques Log Tampering Techniques Self-Deletion Techniques Shadow Copy Deletion Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/file-upload-via-smb/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/file-upload-via-smb/File Upload via SMB File Upload via SMB - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/fileless-malware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/fileless-malware/Fileless Malware Fileless Malware - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/Firewalls Firewalls - network security systems that monitor and control incoming and outgoing traffic based on predetermined security rules. DMZ Firewalls Overview Honeypots Jump Server Microsegmentation Network Segmentation Port Blocking Zero Trust Architecture Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/firewalls-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/firewalls-overview/Firewalls Overview Firewalls Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Honeypots Jump Server Microsegmentation Network Segmentation Port Blocking Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-algorithm/FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-algorithm-ascii/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-algorithm-ascii/FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Algorithm ASCII - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-syscalls-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-syscalls-hash-values/FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-syscalls-hash-values-nt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-syscalls-hash-values-nt/FNV1A String Hashing Syscalls Hash Values NT FNV1A String Hashing Syscalls Hash Values NT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-syscalls-hash-values-zw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-syscalls-hash-values-zw/FNV1A Syscalls Hash Values ZW FNV1A Syscalls Hash Values ZW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-winapis-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-winapis-hash-values/FNV1A WinAPIs Hash Values FNV1A WinAPIs Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/forensics/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/forensics/Forensics Forensics - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Automated Reverse Engineering Digital Forensics Hayabusa Incident Response Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/forwarded-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/forwarded-functions/Forwarded Functions Forwarded Functions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/function-replacements/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/function-replacements/Function Replacements Function Replacements - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/function-replacements-eg-malloc-strcpy-zeromemory/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/function-replacements-eg-malloc-strcpy-zeromemory/Function Replacements eg Malloc Strcpy ZeroMemory Function Replacements eg Malloc Strcpy ZeroMemory - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/function-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/function-stomping/Function Stomping Function Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/generating-encryption-keys-without-winapi-calls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/generating-encryption-keys-without-winapi-calls/Generating Encryption Keys Without WinAPI Calls Generating Encryption Keys Without WinAPI Calls - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-current-lsa-user-ms-lsat/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-current-lsa-user-ms-lsat/Get Current LSA User MS-LSAT Get Current LSA User MS-LSAT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/get-current-token/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/get-current-token/Get Current Token Get Current Token - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/get-domain-sid/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/get-domain-sid/Get Domain SID Get Domain SID - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-domain-sid-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-domain-sid-ms-samr/Get Domain SID MS-SAMR Get Domain SID MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/get-ntdll-base-address-from-stack-frame-walk/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/get-ntdll-base-address-from-stack-frame-walk/Get NTDLL Base Address from Stack Frame Walk Get NTDLL Base Address from Stack Frame Walk - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/get-payload-from-url/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/get-payload-from-url/Get Payload from URL Get Payload from URL - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-service-display-name-ms-scmr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-service-display-name-ms-scmr/Get Service Display Name MS-SCMR Get Service Display Name MS-SCMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-username/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-username/Get Username Get Username - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-workstation-info-level-100-ms-wkst/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-workstation-info-level-100-ms-wkst/Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 100 MS-WKST - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-workstation-info-level-101-ms-wkst/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-workstation-info-level-101-ms-wkst/Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 101 MS-WKST - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-workstation-info-level-102-ms-wkst/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-workstation-info-level-102-ms-wkst/Get Workstation Info Level 102 MS-WKST Get Workstation Info Level 102 MS-WKST - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/getmodulehandle-replacement/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/getmodulehandle-replacement/GetModuleHandle Replacement GetModuleHandle Replacement - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/getprocaddress-replacement/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/getprocaddress-replacement/GetProcAddress Replacement GetProcAddress Replacement - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/Ghidra Ghidra - a free and open-source reverse engineering tool suite developed by the NSA for analyzing compiled code across multiple platforms. Ghidra Fundamentals Ghidra Scripting Reverse Engineering with Ghidra Static Analysis with Ghidra Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/ghidra-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/ghidra-fundamentals/Ghidra Fundamentals Ghidra Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ghidra Scripting Reverse Engineering with Ghidra Static Analysis with Ghidrahttps://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/ghidra-scripting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/ghidra-scripting/Ghidra Scripting Ghidra Scripting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ghidra Fundamentals Reverse Engineering with Ghidra Static Analysis with Ghidrahttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/ghost-process-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/ghost-process-injection/Ghost Process Injection Ghost Process Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/ghostly-hollowing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/ghostly-hollowing/Ghostly Hollowing Ghostly Hollowing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/github-device-code-phishing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/github-device-code-phishing/GitHub Device Code Phishing GitHub Device Code Phishing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/gitlab-device-code-phishing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/gitlab-device-code-phishing/GitLab Device Code Phishing GitLab Device Code Phishing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/goto-functionality/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/goto-functionality/GoTo Functionality GoTo Functionality - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/group-administration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/group-administration/Group Administration Group Administration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals IAM Policies Identity and Access Management Fundamentals Identity Federation Pass the Hash Privileged Access Management User Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/handshakes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/handshakes/Handshakes Handshakes - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS HTTPS Networking Networking Fundamentals Subnettinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hardware-breakpoint-hooking-library/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hardware-breakpoint-hooking-library/Hardware Breakpoint Hooking Library Hardware Breakpoint Hooking Library - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hardware-breakpoint-threadless-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hardware-breakpoint-threadless-injection/Hardware Breakpoint Threadless Injection Hardware Breakpoint Threadless Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/hardware-hooks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/hardware-hooks/Hardware Hooks Hardware Hooks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Variants NTDLL Unhooking NTDLL Unhooking Variants Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 2https://r0tbyt3.dev/wiki/content/cybersecurity/hashing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/hashing/Hashing Hashing - the transformation of arbitrary data into a fixed-size digest using one-way cryptographic functions for integrity verification and storage. CRC DJB2 Lose Lose Hashing Algorithms Hashing Fundamentals Multiple Hashing Algorithms Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/hashing/hashing-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/hashing/hashing-fundamentals/Hashing Fundamentals Hashing Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: CRC DJB2 Lose Lose Hashing Algorithms Multiple Hashing Algorithmshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/hayabusa/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/hayabusa/Hayabusa Hayabusa - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Automated Reverse Engineering Digital Forensics Forensics Incident Response Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/hayabusa/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/hayabusa/Hayabusa Hayabusa - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Maltego SIEM Fundamentals Splunkhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/heap-encryption-with-ekko-sleep-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/heap-encryption-with-ekko-sleep-obfuscation/Heap Encryption with Ekko Sleep Obfuscation Heap Encryption with Ekko Sleep Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hellshall/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hellshall/Hellshall Hellshall - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/herpaderping-hollowing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/herpaderping-hollowing/Herpaderping Hollowing Herpaderping Hollowing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/herpaderping-process-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/herpaderping-process-injection/Herpaderping Process Injection Herpaderping Process Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/hide-console-window/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/hide-console-window/Hide Console Window Hide Console Window - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/hide-process-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/hide-process-kernel/Hide Process Kernel Hide Process Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/hide-process-kernel-internals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/hide-process-kernel-internals/Hide Process Kernel Internals Hide Process Kernel Internals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/hide-thread-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/hide-thread-kernel/Hide Thread Kernel Hide Thread Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/hide-thread-kernel-internals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/hide-thread-kernel-internals/Hide Thread Kernel Internals Hide Thread Kernel Internals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/hiding-domain-via-referrer-policy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/hiding-domain-via-referrer-policy/Hiding Domain via Referrer Policy Hiding Domain via Referrer Policy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/honeypots/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/honeypots/Honeypots Honeypots - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Firewalls Overview Jump Server Microsegmentation Network Segmentation Port Blocking Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/host-check/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/host-check/Host Check Host Check - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Lookup ICMP Echo Network Attacks Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/host-forensics-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/host-forensics-fundamentals/Host Forensics Fundamentals Host Forensics Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Disk Forensics Memory Forensicshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/hostname-verification/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/hostname-verification/Hostname Verification Hostname Verification - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/HTML Smuggling HTML Smuggling - techniques for delivering malicious payloads by encoding them within HTML and JavaScript to bypass email and web content filters. Analyzing and Evading SmuggleShield HTML Smuggling HTML Smuggling Strategies Integrating Anti-Bot with HTML Smuggling MOTW Bypass via FileFix Variations SVG Smuggling WebAssembly Smuggling Related Links: AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns Infrastructure Introduction to Phishing Page Design and Delivery Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/html-smuggling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/html-smuggling/HTML Smuggling HTML Smuggling - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing and Evading SmuggleShield HTML Smuggling Strategies Integrating Anti-Bot with HTML Smuggling MOTW Bypass via FileFix Variations SVG Smuggling WebAssembly Smugglinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/html-smuggling-strategies/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/html-smuggling-strategies/HTML Smuggling Strategies HTML Smuggling Strategies - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing and Evading SmuggleShield HTML Smuggling Integrating Anti-Bot with HTML Smuggling MOTW Bypass via FileFix Variations SVG Smuggling WebAssembly Smugglinghttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/https/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/https/HTTPS HTTPS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Handshakes Networking Networking Fundamentals Subnettinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/hypervisors/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/hypervisors/Hypervisors Hypervisors - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/iam-policies/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/iam-policies/IAM Policies IAM Policies - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals Group Administration Identity and Access Management Fundamentals Identity Federation Pass the Hash Privileged Access Management User Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/iat-api-set-resolution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/iat-api-set-resolution/IAT API Set Resolution IAT API Set Resolution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/iat-camouflage/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/iat-camouflage/IAT Camouflage IAT Camouflage - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/iat-obfuscation-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/iat-obfuscation-variants/IAT Obfuscation Variants IAT Obfuscation Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/icmp-echo/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/icmp-echo/ICMP Echo ICMP Echo - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Lookup Host Check Network Attacks Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/identity-and-access-management-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/identity-and-access-management-fundamentals/Identity and Access Management Fundamentals Identity and Access Management Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals Group Administration IAM Policies Identity Federation Pass the Hash Privileged Access Management User Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/identity-federation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/identity-federation/Identity Federation Identity Federation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals Group Administration IAM Policies Identity and Access Management Fundamentals Pass the Hash Privileged Access Management User Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/ids-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/ids-evasion-techniques/IDS Evasion Techniques IDS Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/illicit-consent-grant/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/illicit-consent-grant/Illicit Consent Grant Illicit Consent Grant - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/impersonate-process-user/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/impersonate-process-user/Impersonate Process User Impersonate Process User - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/impersonation-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/impersonation-techniques/Impersonation Techniques Impersonation Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Dumpster Diving Lock Picking Pretextinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/improving-domain-reputation-domain-aging/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/improving-domain-reputation-domain-aging/Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Aging - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/improving-domain-reputation-domain-categorization/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/improving-domain-reputation-domain-categorization/Improving Domain Reputation Domain Categorization Improving Domain Reputation Domain Categorization - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/improving-domain-reputation-web-traffic/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/improving-domain-reputation-web-traffic/Improving Domain Reputation Web Traffic Improving Domain Reputation Web Traffic - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/incident-response/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/incident-response/Incident Response Incident Response - the coordinated approach to preparing for, detecting, containing, and recovering from cybersecurity incidents. Incident Response Lifecycle Related Links: Anti-Forensic Techniques Automated Reverse Engineering Digital Forensics Forensics Hayabusa Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/Incident Response and Forensics Incident Response and Forensics - the structured process of detecting, analyzing, containing, and recovering from security incidents while preserving evidence. Anti-Forensic Techniques Automated Reverse Engineering Digital Forensics Forensics Hayabusa Incident Response Threat Hunting Techniques Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/incident-response/incident-response-lifecycle/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/incident-response/incident-response-lifecycle/Incident Response Lifecycle Incident Response Lifecycle - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links:https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/incognito-mode-detection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/incognito-mode-detection/Incognito Mode Detection Incognito Mode Detection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/indirect-syscalls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/indirect-syscalls/Indirect Syscalls Indirect Syscalls - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/Information Security Models Information Security Models - frameworks, principles, and governance models used to guide the design and assessment of secure information systems. CIA Triad Information Security Models Overview Privacy Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/information-security-models-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/information-security-models-overview/Information Security Models Overview Information Security Models Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: CIA Triad Privacyhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/infrared-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/infrared-exploits/Infrared Exploits Infrared Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/Infrastructure Infrastructure - the server setup, domain configuration, SSL management, and automation required to deploy and operate phishing campaigns. Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypt Related Links: AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Introduction to Phishing Page Design and Delivery Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/Injection Attacks Injection Attacks - attack techniques that insert malicious data into an application to alter its execution or query behavior. Buffer Overflows CSRF Directory Traversal SQL Injection Timing Attacks XSS Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/inserting-a-custom-section-into-a-pe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/inserting-a-custom-section-into-a-pe/Inserting a Custom Section into a PE Inserting a Custom Section into a PE - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/integrating-anti-bot-with-html-smuggling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/integrating-anti-bot-with-html-smuggling/Integrating Anti-Bot with HTML Smuggling Integrating Anti-Bot with HTML Smuggling - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing and Evading SmuggleShield HTML Smuggling HTML Smuggling Strategies MOTW Bypass via FileFix Variations SVG Smuggling WebAssembly Smugglinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/integrating-backend-functionality/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/integrating-backend-functionality/Integrating Backend Functionality Integrating Backend Functionality - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Designing Custom Phishing Pages Introduction to Apache Mod Rewrite Introduction to ClickFix Introduction to Flask Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/intercepting-proxy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/intercepting-proxy/Intercepting Proxy Intercepting Proxy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Burp Suite Fundamentals Intruder Repeater Scannerhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/introduction-to-amsi/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/introduction-to-amsi/Introduction to AMSI Introduction to AMSI - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Bypass Byte Patching AMSI Evasion AMSI Evasion via Hardware Breakpoint Hooks AMSI Evasion via Patching Patchless AMSI Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/introduction-to-apache-mod-rewrite/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/introduction-to-apache-mod-rewrite/Introduction to Apache Mod Rewrite Introduction to Apache Mod Rewrite - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Designing Custom Phishing Pages Integrating Backend Functionality Introduction to ClickFix Introduction to Flask Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/introduction-to-bof/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/introduction-to-bof/Introduction to BOF Introduction to BOF - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: BOF Execution LSASS Dump BOF Object File Loader with Module Stomping Threadless Shellcode Injection via HWBPs BOF Writing BOF Fileshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/introduction-to-caddy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/introduction-to-caddy/Introduction to Caddy Introduction to Caddy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/introduction-to-clickfix/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/introduction-to-clickfix/Introduction to ClickFix Introduction to ClickFix - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Designing Custom Phishing Pages Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to Flask Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-dll-sideloading/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-dll-sideloading/Introduction to DLL Sideloading Introduction to DLL Sideloading - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-edrs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-edrs/Introduction to EDRs Introduction to EDRs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/introduction-to-ekko-sleep-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/introduction-to-ekko-sleep-obfuscation/Introduction to Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/introduction-to-etw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/introduction-to-etw/Introduction to ETW Introduction to ETW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/introduction-to-flask/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/introduction-to-flask/Introduction to Flask Introduction to Flask - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Designing Custom Phishing Pages Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to ClickFix Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/introduction-to-foliage-sleep-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/introduction-to-foliage-sleep-obfuscation/Introduction to Foliage Sleep Obfuscation Introduction to Foliage Sleep Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/introduction-to-havoc-c2/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/introduction-to-havoc-c2/Introduction to Havoc C2 Introduction to Havoc C2 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-keylogging/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-keylogging/Introduction to Keylogging Introduction to Keylogging - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/introduction-to-lsass-dumping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/introduction-to-lsass-dumping/Introduction to LSASS Dumping Introduction to LSASS Dumping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-masm-assembly/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-masm-assembly/Introduction to MASM Assembly Introduction to MASM Assembly - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/nginx/introduction-to-nginx-capabilities/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nginx/introduction-to-nginx-capabilities/Introduction to Nginx Capabilities Introduction to Nginx Capabilities - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Nginx Demo Reverse Proxying Nginx Fundamentals Protecting Phishing Servers via Nginxhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/introduction-to-phishing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/introduction-to-phishing/Introduction to Phishing Introduction to Phishing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Page Design and Delivery Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/introduction-to-sleep-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/introduction-to-sleep-obfuscation/Introduction to Sleep Obfuscation Introduction to Sleep Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-the-windows-os/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-the-windows-os/Introduction to the Windows OS Introduction to the Windows OS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/introduction-to-windows-persistence/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/introduction-to-windows-persistence/Introduction to Windows Persistence Introduction to Windows Persistence - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/intruder/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/intruder/Intruder Intruder - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Burp Suite Fundamentals Intercepting Proxy Repeater Scannerhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/invisible-proxy-opsec-considerations/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/invisible-proxy-opsec-considerations/Invisible Proxy OPSEC Considerations Invisible Proxy OPSEC Considerations - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/ip-address-whitelisting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/ip-address-whitelisting/IP Address Whitelisting IP Address Whitelisting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/ipconfig-and-ifconfig/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/ipconfig-and-ifconfig/Ipconfig and Ifconfig Ipconfig and Ifconfig - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Kali vs Parrot vs BlackArch vs Qubes Linux Fundamentals Pinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja3-ja3s-fingerprinting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja3-ja3s-fingerprinting/JA3 JA3S Fingerprinting JA3 JA3S Fingerprinting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-blacklisting-ja4-fingerprints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-blacklisting-ja4-fingerprints/JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting JA4 Fingerprints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-blacklisting-partial-ja4-fingerprints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-blacklisting-partial-ja4-fingerprints/JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-calculating-ja4-fingerprints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-calculating-ja4-fingerprints/JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-whitelisting-partial-ja4-fingerprints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-whitelisting-partial-ja4-fingerprints/JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-ja4s-fingerprinting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-ja4s-fingerprinting/JA4 JA4S Fingerprinting JA4 JA4S Fingerprinting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/jail-breaking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/jail-breaking/Jail Breaking Jail Breaking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/jarm-fingerprinting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/jarm-fingerprinting/JARM Fingerprinting JARM Fingerprinting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-string-hashing-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-string-hashing-algorithm/JS String Hashing Algorithm JS String Hashing Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-string-hashing-algorithm-ascii/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-string-hashing-algorithm-ascii/JS String Hashing Algorithm ASCII JS String Hashing Algorithm ASCII - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-string-hashing-syscalls-hash-values-nt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-string-hashing-syscalls-hash-values-nt/JS String Hashing Syscalls Hash Values NT JS String Hashing Syscalls Hash Values NT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-syscalls-hash-values-zw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-syscalls-hash-values-zw/JS Syscalls Hash Values ZW JS Syscalls Hash Values ZW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-winapis-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-winapis-hash-values/JS WinAPIs Hash Values JS WinAPIs Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/jump-server/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/jump-server/Jump Server Jump Server - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Firewalls Overview Honeypots Microsegmentation Network Segmentation Port Blocking Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/kali-vs-parrot-vs-blackarch-vs-qubes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/kali-vs-parrot-vs-blackarch-vs-qubes/Kali vs Parrot vs BlackArch vs Qubes Kali vs Parrot vs BlackArch vs Qubes - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ipconfig and Ifconfig Linux Fundamentals Pinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/kernel-modules-enumeration-via-auxklibquerymoduleinformation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/kernel-modules-enumeration-via-auxklibquerymoduleinformation/Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via AuxKlibQueryModuleInformation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/kernel-modules-enumeration-via-psloadedmodulelist/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/kernel-modules-enumeration-via-psloadedmodulelist/Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via PsLoadedModuleList - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/kernel-modules-enumeration-via-zwquerysysteminformation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/kernel-modules-enumeration-via-zwquerysysteminformation/Kernel Modules Enumeration via ZwQuerySystemInformation Kernel Modules Enumeration via ZwQuerySystemInformation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/knowndll-cache-poisoning-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/knowndll-cache-poisoning-injection/KnownDLL Cache Poisoning Injection KnownDLL Cache Poisoning Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/lateral-movement-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/lateral-movement-techniques/Lateral Movement Techniques Lateral Movement Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/ldap-query/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/ldap-query/LDAP Query LDAP Query - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/library-proxy-loading/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/library-proxy-loading/Library Proxy Loading Library Proxy Loading - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/linux-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/linux-fundamentals/Linux Fundamentals Linux Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ipconfig and Ifconfig Kali vs Parrot vs BlackArch vs Qubes Pinghttps://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/Linux Operating System Linux Operating System - Linux fundamentals, administration, and command-line tools used in cybersecurity operations and penetration testing environments. Ipconfig and Ifconfig Kali vs Parrot vs BlackArch vs Qubes Linux Fundamentals Ping Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/list-smb-files/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/list-smb-files/List SMB Files List SMB Files - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/living-off-the-land-lotl-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/living-off-the-land-lotl-techniques/Living Off the Land (LOTL) Techniques Living Off the Land (LOTL) Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/living-off-trusted-sites-lots/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/living-off-trusted-sites-lots/Living Off Trusted Sites (LOTS) Living Off Trusted Sites (LOTS) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Designing Custom Phishing Pages Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to ClickFix Introduction to Flaskhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-apc-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-apc-injection/Local APC Injection Local APC Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-dll-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-dll-injection/Local DLL Injection Local DLL Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-function-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-function-stomping/Local Function Stomping Local Function Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-mapping-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-mapping-injection/Local Mapping Injection Local Mapping Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-payload-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-payload-execution/Local Payload Execution Local Payload Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-pe-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-pe-execution/Local PE Execution Local PE Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-shellcode-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-shellcode-execution/Local Shellcode Execution Local Shellcode Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/lock-picking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/lock-picking/Lock Picking Lock Picking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Dumpster Diving Impersonation Techniques Pretextinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/log-tampering-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/log-tampering-techniques/Log Tampering Techniques Log Tampering Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Covering Tracks Techniques Data Destruction Techniques File Time Stomping Self-Deletion Techniques Shadow Copy Deletion Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/lookup-privilege-value-ms-lsad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/lookup-privilege-value-ms-lsad/Lookup Privilege Value MS-LSAD Lookup Privilege Value MS-LSAD - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/lsass-dump-bof/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/lsass-dump-bof/LSASS Dump BOF LSASS Dump BOF - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: BOF Execution Introduction to BOF Object File Loader with Module Stomping Threadless Shellcode Injection via HWBPs BOF Writing BOF Fileshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-handle-duplication/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-handle-duplication/LSASS Dump via Handle Duplication LSASS Dump via Handle Duplication - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-minidumpwritedump/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-minidumpwritedump/LSASS Dump via MiniDumpWriteDump LSASS Dump via MiniDumpWriteDump - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-rtlreportsilentprocessexit/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-rtlreportsilentprocessexit/LSASS Dump via RtlReportSilentProcessExit LSASS Dump via RtlReportSilentProcessExit - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-seclogon-race-condition/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-seclogon-race-condition/LSASS Dump via SecLogon Race Condition LSASS Dump via SecLogon Race Condition - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/maintaining-persistence-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/maintaining-persistence-techniques/Maintaining Persistence Techniques Maintaining Persistence Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/maltego/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/maltego/Maltego Maltego - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Automated Malware Analysis Memory Leaks Metasploit Reverse Engineering Urlvoid Virustotalhttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/maltego/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/maltego/Maltego Maltego - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Hayabusa SIEM Fundamentals Splunkhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/Malware Analysis Malware Analysis - the process of examining malicious software to understand its behavior, functionality, origin, and impact on affected systems. Analysis Methods Automated Malware Analysis Maltego Memory Leaks Metasploit Reverse Engineering Urlvoid Virustotal Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/malware-analysis-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/malware-analysis-techniques/Malware Analysis Techniques Malware Analysis Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Dynamic Analysis Static Analysishttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-binary-signing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-binary-signing/Malware Binary Signing Malware Binary Signing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/malware-binary-signing-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/malware-binary-signing-obfuscation/Malware Binary Signing Obfuscation Malware Binary Signing Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-compiling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-compiling/Malware Compiling Malware Compiling - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/Malware Concepts Malware Concepts - foundational knowledge about malware types, behaviors, and development techniques used in offensive security research. Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templates Related Links: Beacon Object Files (BOF) C2 and Networking Credential Dumping Payload and PE Persistence Process Injection Sleep Obfuscation Windows Internalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/Malware Development Malware Development - the study of techniques used to create, deploy, and operate malicious software including loaders, implants, and post-exploitation tools. Beacon Object Files (BOF) C2 and Networking Credential Dumping Malware Concepts Payload and PE Persistence Process Injection Sleep Obfuscation Windows Internals Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-development-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-development-techniques/Malware Development Techniques Malware Development Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-directory-placement/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-directory-placement/Malware Directory Placement Malware Directory Placement - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/malware-kill-date/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/malware-kill-date/Malware Kill Date Malware Kill Date - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/malware-working-hours/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/malware-working-hours/Malware Working Hours Malware Working Hours - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/manual-totp-harvesting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/manual-totp-harvesting/Manual TOTP Harvesting Manual TOTP Harvesting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/manually-mapping-api-set-names/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/manually-mapping-api-set-names/Manually Mapping API Set Names Manually Mapping API Set Names - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/memory-forensics/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/memory-forensics/Memory Forensics Memory Forensics - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Disk Forensics Host Forensics Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/memory-leaks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/memory-leaks/Memory Leaks Memory Leaks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Automated Malware Analysis Maltego Metasploit Reverse Engineering Urlvoid Virustotalhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/metamorphic-malware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/metamorphic-malware/Metamorphic Malware Metamorphic Malware - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/metasploit/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/metasploit/Metasploit Metasploit - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Automated Malware Analysis Maltego Memory Leaks Reverse Engineering Urlvoid Virustotalhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/mfa-bypass-azure-aitm-phishing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/mfa-bypass-azure-aitm-phishing/MFA Bypass Azure AitM Phishing MFA Bypass Azure AitM Phishing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/mfa-bypass-building-an-invisible-proxy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/mfa-bypass-building-an-invisible-proxy/MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/mfa-bypass-building-an-invisible-proxy-via-cloudflare-workers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/mfa-bypass-building-an-invisible-proxy-via-cloudflare-workers/MFA Bypass Building an Invisible Proxy via Cloudflare Workers MFA Bypass Building an Invisible Proxy via Cloudflare Workers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/microsegmentation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/microsegmentation/Microsegmentation Microsegmentation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Firewalls Overview Honeypots Jump Server Network Segmentation Port Blocking Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/microsoft-device-code-phishing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/microsoft-device-code-phishing/Microsoft Device Code Phishing Microsoft Device Code Phishing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/mitm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/mitm/MITM MITM - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Poisoning Network Attacks Overview Packet Sniffing Exploits Spoofing VLAN Hopping VMescape Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/detection-engineering/mitre-attck-mapping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/detection-engineering/mitre-attck-mapping/MITRE ATT&CK Mapping MITRE ATT&CK Mapping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Detection Engineering Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/mmgetsystemroutineaddress-replacement-string-hashing-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/mmgetsystemroutineaddress-replacement-string-hashing-kernel/Mmgetsystemroutineaddress Replacement String Hashing Kernel Mmgetsystemroutineaddress Replacement String Hashing Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/mmgetsystemroutineaddress-replacement-with-string-hashing-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/mmgetsystemroutineaddress-replacement-with-string-hashing-kernel/Mmgetsystemroutineaddress Replacement with String Hashing Kernel Mmgetsystemroutineaddress Replacement with String Hashing Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/module-overloading/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/module-overloading/Module Overloading Module Overloading - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/module-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/module-stomping/Module Stomping Module Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/monitoring-display-state-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/monitoring-display-state-kernel/Monitoring Display State Kernel Monitoring Display State Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/monitoring-user-presence-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/monitoring-user-presence-kernel/Monitoring User Presence Kernel Monitoring User Presence Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/more-c-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/more-c-fundamentals/More C Fundamentals More C Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/motw-bypass-via-filefix-variations/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/motw-bypass-via-filefix-variations/MOTW Bypass via FileFix Variations MOTW Bypass via FileFix Variations - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing and Evading SmuggleShield HTML Smuggling HTML Smuggling Strategies Integrating Anti-Bot with HTML Smuggling SVG Smuggling WebAssembly Smugglinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/move-file-to-startup-folder/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/move-file-to-startup-folder/Move File to Startup Folder Move File to Startup Folder - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/ms-rprn-abuse/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/ms-rprn-abuse/MS-RPRN Abuse MS-RPRN Abuse - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/msgwaitformultipleobjectsex-alertable-function/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/msgwaitformultipleobjectsex-alertable-function/MsgWaitForMultipleObjectsEx Alertable Function MsgWaitForMultipleObjectsEx Alertable Function - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/multiple-alertable-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/multiple-alertable-functions/Multiple Alertable Functions Multiple Alertable Functions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/multiple-anti-debugging-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/multiple-anti-debugging-techniques/Multiple Anti-Debugging Techniques Multiple Anti-Debugging Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/multiple-anti-debugging-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/multiple-anti-debugging-techniques/Multiple Anti-Debugging Techniques Multiple Anti-Debugging Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/multiple-function-replacements/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/multiple-function-replacements/Multiple Function Replacements Multiple Function Replacements - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/multiple-getmodulehandle-replacement-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/multiple-getmodulehandle-replacement-functions/Multiple GetModuleHandle Replacement Functions Multiple GetModuleHandle Replacement Functions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/hashing/multiple-hashing-algorithms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/hashing/multiple-hashing-algorithms/Multiple Hashing Algorithms Multiple Hashing Algorithms - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: CRC DJB2 Lose Lose Hashing Algorithms Hashing Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/multiple-payload-execution-control-methods/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/multiple-payload-execution-control-methods/Multiple Payload Execution Control Methods Multiple Payload Execution Control Methods - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-string-hashing-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-string-hashing-algorithm/MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-string-hashing-algorithm-ascii/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-string-hashing-algorithm-ascii/MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Algorithm ASCII - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-string-hashing-syscalls-hash-values-nt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-string-hashing-syscalls-hash-values-nt/MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 String Hashing Syscalls Hash Values NT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-syscalls-hash-values-zw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-syscalls-hash-values-zw/MurmurHash3 Syscalls Hash Values ZW MurmurHash3 Syscalls Hash Values ZW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-winapis-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-winapis-hash-values/MurmurHash3 WinAPIs Hash Values MurmurHash3 WinAPIs Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/named-pipes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/named-pipes/Named Pipes Named Pipes - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/near-field-communication-nfc-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/near-field-communication-nfc-exploits/Near-Field Communication (NFC) Exploits Near-Field Communication (NFC) Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/net-assemblies-patching-systemenvironment.exit/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/net-assemblies-patching-systemenvironment.exit/NET Assemblies Patching SystemEnvironment.Exit NET Assemblies Patching SystemEnvironment.Exit - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/Network Attacks Network Attacks - offensive techniques targeting network infrastructure, protocols, and data in transit to intercept, disrupt, or manipulate communications. DNS Poisoning MITM Network Attacks Overview Packet Sniffing Exploits Spoofing VLAN Hopping VMescape Exploits Related Links: DNS Lookup Host Check ICMP Echo Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/network-attacks-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/network-attacks-overview/Network Attacks Overview Network Attacks Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Poisoning MITM Packet Sniffing Exploits Spoofing VLAN Hopping VMescape Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-evasion-techniques/Network Evasion Techniques Network Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Lookup Host Check ICMP Echo Network Attacks Network Protocols Port Scanning TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/network-evasion-techniques-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/network-evasion-techniques-overview/Network Evasion Techniques Overview Network Evasion Techniques Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/network-forensics-with-wireshark/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/network-forensics-with-wireshark/Network Forensics with Wireshark Network Forensics with Wireshark - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Protocol Analysis Tcpdump Wireshark Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/Network Protocols Network Protocols - core networking standards and protocols that define how data is transmitted and received across computer networks. DNS Handshakes HTTPS Networking Networking Fundamentals Subnetting Related Links: DNS Lookup Host Check ICMP Echo Network Attacks Network Evasion Techniques Port Scanning TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/Network Security Network Security - the practices and technologies used to protect network infrastructure, data in transit, and communication channels from unauthorized access and attacks. DNS Lookup Host Check ICMP Echo Network Attacks Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan VPNs Wireless and Physical Attacks Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/network-segmentation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/network-segmentation/Network Segmentation Network Segmentation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Firewalls Overview Honeypots Jump Server Microsegmentation Port Blocking Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/networking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/networking/Networking Networking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Handshakes HTTPS Networking Fundamentals Subnettinghttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/networking-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/networking-fundamentals/Networking Fundamentals Networking Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Handshakes HTTPS Networking Subnettinghttps://r0tbyt3.dev/wiki/content/cybersecurity/nginx/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nginx/Nginx Nginx - a high-performance web server, reverse proxy, and load balancer widely used in phishing infrastructure, C2 redirectors, and web application delivery. Introduction to Nginx Capabilities Nginx Demo Reverse Proxying Nginx Fundamentals Protecting Phishing Servers via Nginx Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/nginx/nginx-demo-reverse-proxying/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nginx/nginx-demo-reverse-proxying/Nginx Demo Reverse Proxying Nginx Demo Reverse Proxying - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Introduction to Nginx Capabilities Nginx Fundamentals Protecting Phishing Servers via Nginxhttps://r0tbyt3.dev/wiki/content/cybersecurity/nginx/nginx-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nginx/nginx-fundamentals/Nginx Fundamentals Nginx Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Introduction to Nginx Capabilities Nginx Demo Reverse Proxying Protecting Phishing Servers via Nginxhttps://r0tbyt3.dev/wiki/content/cybersecurity/nmap/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nmap/Nmap Nmap - a powerful open-source network scanner used for host discovery, port scanning, service version detection, and OS fingerprinting. Nmap Fundamentals Nmap NSE Scripts Port Scanning Techniques Service Detection Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/nmap/nmap-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nmap/nmap-fundamentals/Nmap Fundamentals Nmap Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Nmap NSE Scripts Port Scanning Techniques Service Detectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/nmap/nmap-nse-scripts/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nmap/nmap-nse-scripts/Nmap NSE Scripts Nmap NSE Scripts - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Nmap Fundamentals Port Scanning Techniques Service Detectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/ntdll-unhooking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/ntdll-unhooking/NTDLL Unhooking NTDLL Unhooking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Variants Hardware Hooks NTDLL Unhooking Variants Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 2https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/NTDLL Unhooking and API Hooking NTDLL Unhooking and API Hooking - techniques to restore hooked NTDLL functions or intercept API calls to bypass EDR user-mode hooks. API Hooking Variants Hardware Hooks NTDLL Unhooking NTDLL Unhooking Variants Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 2 Related Links: AMSI Bypass Anti-Analysis Automated Obfuscation Techniques Code Obfuscation Covering Tracks ETW Bypasshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/ntdll-unhooking-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/ntdll-unhooking-variants/NTDLL Unhooking Variants NTDLL Unhooking Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Variants Hardware Hooks NTDLL Unhooking Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 2https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/Obfuscation and Detection Evasion Obfuscation and Detection Evasion - techniques used to conceal malicious code and behavior from security tools, analysts, and automated detection systems. AMSI Bypass Anti-Analysis Automated Obfuscation Techniques Code Obfuscation Covering Tracks ETW Bypass NTDLL Unhooking and API Hooking Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/obfuscation-ipv4fuscation-ipv6fuscation-uuidfuscation-macfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/obfuscation-ipv4fuscation-ipv6fuscation-uuidfuscation-macfuscation/Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/object-file-loader-with-module-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/object-file-loader-with-module-stomping/Object File Loader with Module Stomping Object File Loader with Module Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: BOF Execution Introduction to BOF LSASS Dump BOF Threadless Shellcode Injection via HWBPs BOF Writing BOF Fileshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/Offensive Phishing Operations Offensive Phishing Operations - the planning, infrastructure, and execution of phishing campaigns to harvest credentials and deliver payloads in controlled engagements. AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Introduction to Phishing Page Design and Delivery Phishing Anti-Analysis Phishing Requirements Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-a-domain-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-a-domain-ms-samr/Open a Domain MS-SAMR Open a Domain MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-a-group-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-a-group-ms-samr/Open a Group MS-SAMR Open a Group MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-a-user-account-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-a-user-account-ms-samr/Open a User Account MS-SAMR Open a User Account MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-an-alias-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-an-alias-ms-samr/Open an Alias MS-SAMR Open an Alias MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-lsad-policy-handle-ms-lsad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-lsad-policy-handle-ms-lsad/Open LSAD Policy Handle MS-LSAD Open LSAD Policy Handle MS-LSAD - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/operating-systems-for-privacy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/operating-systems-for-privacy/Operating Systems for Privacy Operating Systems for Privacy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/opsec-failure-directory-listing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/opsec-failure-directory-listing/OPSEC Failure Directory Listing OPSEC Failure Directory Listing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/osint/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/osint/OSINT OSINT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APT Reconnaissance Techniques Supply Chain Attacks Threat Modeling Fundamentals Zero Dayhttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/owasp-top-10/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/owasp-top-10/OWASP Top 10 OWASP Top 10 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/packet-sniffing-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/packet-sniffing-exploits/Packet Sniffing Exploits Packet Sniffing Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Poisoning MITM Network Attacks Overview Spoofing VLAN Hopping VMescape Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/Page Design and Delivery Page Design and Delivery - techniques for creating convincing phishing pages, cloning legitimate sites, and delivering payloads via ClickFix and other vectors. ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Designing Custom Phishing Pages Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to ClickFix Introduction to Flask Living Off Trusted Sites (LOTS) Related Links: AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Introduction to Phishing Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/pass-the-hash/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/pass-the-hash/Pass the Hash Pass the Hash - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals Group Administration IAM Policies Identity and Access Management Fundamentals Identity Federation Privileged Access Management User Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/patching-the-.net-exit-routine/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/patching-the-.net-exit-routine/Patching the .NET Exit Routine Patching the .NET Exit Routine - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/patchless-amsi-bypass-via-hardware-breakpoints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/patchless-amsi-bypass-via-hardware-breakpoints/Patchless AMSI Bypass via Hardware Breakpoints Patchless AMSI Bypass via Hardware Breakpoints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Bypass Byte Patching AMSI Evasion AMSI Evasion via Hardware Breakpoint Hooks AMSI Evasion via Patching Introduction to AMSIhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/patchless-etw-bypass-via-hardware-breakpoints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/patchless-etw-bypass-via-hardware-breakpoints/Patchless ETW Bypass via Hardware Breakpoints Patchless ETW Bypass via Hardware Breakpoints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETWhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/patchless-threadless-injection-via-hardware-breakpoints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/patchless-threadless-injection-via-hardware-breakpoints/Patchless Threadless Injection via Hardware Breakpoints Patchless Threadless Injection via Hardware Breakpoints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/Payload and PE Payload and PE - techniques for building, loading, and executing shellcode and PE-format payloads in offensive security implants. APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-encryption-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-encryption-variants/Payload Encryption Variants Payload Encryption Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control/Payload Execution Control Payload Execution Control - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-events/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-events/Payload Execution Control via Events Payload Execution Control via Events - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-mutexes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-mutexes/Payload Execution Control via Mutexes Payload Execution Control via Mutexes - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-semaphores/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-semaphores/Payload Execution Control via Semaphores Payload Execution Control via Semaphores - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-callbacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-callbacks/Payload Execution via Callbacks Payload Execution via Callbacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-certenumsystemstore-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-certenumsystemstore-callback/Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStore Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-certenumsystemstorelocation-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-certenumsystemstorelocation-callback/Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CertEnumSystemStoreLocation Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-copyfileexw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-copyfileexw-callback/Payload Execution via CopyFileExW Callback Payload Execution via CopyFileExW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-cryptenumoidinfo-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-cryptenumoidinfo-callback/Payload Execution via CryptEnumOIDInfo Callback Payload Execution via CryptEnumOIDInfo Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumcalendarinfow-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumcalendarinfow-callback/Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumCalendarInfoW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdesktopsw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdesktopsw-callback/Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopsW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdesktopwindows-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdesktopwindows-callback/Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDesktopWindows Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdirtreew-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdirtreew-callback/Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDirTreeW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdisplaymonitors-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdisplaymonitors-callback/Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumDisplayMonitors Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumerateloadedmodules-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumerateloadedmodules-callback/Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumerateLoadedModules Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumfontfamiliesw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumfontfamiliesw-callback/Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontFamiliesW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumfontsw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumfontsw-callback/Payload Execution via EnumFontsW Callback Payload Execution via EnumFontsW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumlanguagegrouplocalesw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumlanguagegrouplocalesw-callback/Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumLanguageGroupLocalesW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumobjects-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumobjects-callback/Payload Execution via EnumObjects Callback Payload Execution via EnumObjects Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpagefilesw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpagefilesw-callback/Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPageFilesW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpropsw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpropsw-callback/Payload Execution via EnumPropsW Callback Payload Execution via EnumPropsW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpwrschemes-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpwrschemes-callback/Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumPwrSchemes Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumresourcetypesw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumresourcetypesw-callback/Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumResourceTypesW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumsystemlocalesex-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumsystemlocalesex-callback/Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumSystemLocalesEx Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumthreadwindows-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumthreadwindows-callback/Payload Execution via EnumThreadWindows Callback Payload Execution via EnumThreadWindows Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumtimeformatsex-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumtimeformatsex-callback/Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumTimeFormatsEx Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumwindows-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumwindows-callback/Payload Execution via EnumWindows Callback Payload Execution via EnumWindows Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumwindowstationsw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumwindowstationsw-callback/Payload Execution via EnumWindowStationsW Callback Payload Execution via EnumWindowStationsW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-fibers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-fibers/Payload Execution via Fibers Payload Execution via Fibers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-flsalloc-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-flsalloc-callback/Payload Execution via FlsAlloc Callback Payload Execution via FlsAlloc Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-imagegetdigeststream-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-imagegetdigeststream-callback/Payload Execution via ImageGetDigestStream Callback Payload Execution via ImageGetDigestStream Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-immenuminputcontext-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-immenuminputcontext-callback/Payload Execution via ImmEnumInputContext Callback Payload Execution via ImmEnumInputContext Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-initonceexecuteonce-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-initonceexecuteonce-callback/Payload Execution via InitOnceExecuteOnce Callback Payload Execution via InitOnceExecuteOnce Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symenumprocesses-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symenumprocesses-callback/Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumProcesses Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symenumsourcefiles-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symenumsourcefiles-callback/Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymEnumSourceFiles Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symfindfileinpath-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symfindfileinpath-callback/Payload Execution via SymFindFileInPath Callback Payload Execution via SymFindFileInPath Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-injection/Payload Injection Payload Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/payload-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/payload-obfuscation/Payload Obfuscation Payload Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-obfuscation-and-deobfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-obfuscation-and-deobfuscation/Payload Obfuscation and Deobfuscation Payload Obfuscation and Deobfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-obfuscation-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-obfuscation-variants/Payload Obfuscation Variants Payload Obfuscation Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-placement/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-placement/Payload Placement Payload Placement - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-placement-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-placement-variants/Payload Placement Variants Payload Placement Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-staging/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-staging/Payload Staging Payload Staging - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-staging-via-registry-and-web/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-staging-via-registry-and-web/Payload Staging via Registry and Web Payload Staging via Registry and Web - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/peb-ldr-data-iterator/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/peb-ldr-data-iterator/PEB LDR Data Iterator PEB LDR Data Iterator - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/pefluctuation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/pefluctuation/PEfluctuation PEfluctuation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/performing-input-validation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/performing-input-validation/Performing Input Validation Performing Input Validation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/permissions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/permissions/Permissions Permissions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/Persistence Persistence - techniques used by malware to maintain access to a compromised system across reboots, logoffs, and security tool detections. Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Tasks Related Links: Beacon Object Files (BOF) C2 and Networking Credential Dumping Malware Concepts Payload and PE Process Injection Sleep Obfuscation Windows Internalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/persistence-techniques-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/persistence-techniques-overview/Persistence Techniques Overview Persistence Techniques Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-com-object-hijacking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-com-object-hijacking/Persistence via COM Object Hijacking Persistence via COM Object Hijacking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-electron-applications/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-electron-applications/Persistence via Electron Applications Persistence via Electron Applications - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-file-system/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-file-system/Persistence via File System Persistence via File System - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-startup-folder/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-startup-folder/Persistence via Startup Folder Persistence via Startup Folder - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/persistence-via-startup-folder/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/persistence-via-startup-folder/Persistence via Startup Folder Persistence via Startup Folder - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-windows-registry/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-windows-registry/Persistence via Windows Registry Persistence via Windows Registry - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-windows-services/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-windows-services/Persistence via Windows Services Persistence via Windows Services - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-windows-tasks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-windows-tasks/Persistence via Windows Tasks Persistence via Windows Tasks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Serviceshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/Phishing Anti-Analysis Phishing Anti-Analysis - techniques to detect and evade automated phishing page scanners, security analysts, and threat intelligence crawlers. Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Examples Related Links: AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Introduction to Phishing Page Design and Delivery Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/phishing-detection-methods/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/phishing-detection-methods/Phishing Detection Methods Phishing Detection Methods - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/phishing-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/phishing-overview/Phishing Overview Phishing Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Business Email Compromise Drive-By Downloads File Sharing and Removable Media Typo Squatting Watering Hole Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-requirements/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-requirements/Phishing Requirements Phishing Requirements - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Introduction to Phishing Page Design and Delivery Phishing Anti-Analysishttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/Physical Social Engineering Physical Social Engineering - in-person deception and manipulation techniques that exploit physical access, trust, and human behavior. Dumpster Diving Impersonation Techniques Lock Picking Pretexting Related Links: Automated Social Engineering Techniques Automated Spear Phishing Email Generation Digital Social Engineering Social Engineering Fundamentals Social Engineering Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/ping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/ping/Ping Ping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ipconfig and Ifconfig Kali vs Parrot vs BlackArch vs Qubes Linux Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-string-hashing-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-string-hashing-algorithm/PJW String Hashing Algorithm PJW String Hashing Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-string-hashing-algorithm-ascii/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-string-hashing-algorithm-ascii/PJW String Hashing Algorithm ASCII PJW String Hashing Algorithm ASCII - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-string-hashing-syscalls-hash-values-nt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-string-hashing-syscalls-hash-values-nt/PJW String Hashing Syscalls Hash Values NT PJW String Hashing Syscalls Hash Values NT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-syscalls-hash-values-zw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-syscalls-hash-values-zw/PJW Syscalls Hash Values ZW PJW Syscalls Hash Values ZW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-winapis-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-winapis-hash-values/PJW WinAPIs Hash Values PJW WinAPIs Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/polymorphic-and-metamorphic-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/polymorphic-and-metamorphic-techniques/Polymorphic and Metamorphic Techniques Polymorphic and Metamorphic Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/polymorphic-malware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/polymorphic-malware/Polymorphic Malware Polymorphic Malware - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/port-blocking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/port-blocking/Port Blocking Port Blocking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Firewalls Overview Honeypots Jump Server Microsegmentation Network Segmentation Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/port-scanning/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/port-scanning/Port Scanning Port Scanning - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Lookup Host Check ICMP Echo Network Attacks Network Evasion Techniques Network Protocols TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/nmap/port-scanning-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nmap/port-scanning-techniques/Port Scanning Techniques Port Scanning Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Nmap Fundamentals Nmap NSE Scripts Service Detectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/portable-pe-headers-retrieval/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/portable-pe-headers-retrieval/Portable PE Headers Retrieval Portable PE Headers Retrieval - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/power-line-communication-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/power-line-communication-exploits/Power Line Communication Exploits Power Line Communication Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/powershell/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/powershell/PowerShell PowerShell - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/powershell-execution-via-.net-hosting-api/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/powershell-execution-via-.net-hosting-api/PowerShell Execution via .NET Hosting API PowerShell Execution via .NET Hosting API - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes Proxy Execute NtAllocateVirtualMemory with Timer APIs Proxy Execute NtAllocateVirtualMemory with Work Item APIs Proxy Execute NtCreateThreadEx with Work Item APIs Reverse Shell Reverse Shells Overview Running JScript Code in Memory Send Keystrokes to Remote Server Shell Execution SignalObjectAndWait Alertable Function SleepEx Alertable Function Upload File via SMB User Shared Data Delay WaitForMultipleObjectsEx Alertable Function WaitForSingleObjectEx Alertable Function WMI Queryhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/powershell-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/powershell-security/PowerShell Security PowerShell Security - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/ppid-spoofing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/ppid-spoofing/PPID Spoofing PPID Spoofing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/practical-phishing-detection-examples/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/practical-phishing-detection-examples/Practical Phishing Detection Examples Practical Phishing Detection Examples - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methodshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/pretexting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/pretexting/Pretexting Pretexting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Dumpster Diving Impersonation Techniques Lock Pickinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/print-a-hexadecimal-array/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/print-a-hexadecimal-array/Print a Hexadecimal Array Print a Hexadecimal Array - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/print-os-version/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/print-os-version/Print OS Version Print OS Version - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/print-os-version/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/print-os-version/Print OS Version Print OS Version - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/Privacy Privacy - technologies, tools, and techniques for protecting personal data and maintaining anonymity in digital environments. Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsers Related Links: CIA Triad Information Security Models Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-techniques/Privacy Techniques Privacy Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-cloud-storage-providers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-cloud-storage-providers/Privacy-Focused Cloud Storage Providers Privacy-Focused Cloud Storage Providers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-email-providers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-email-providers/Privacy-Focused Email Providers Privacy-Focused Email Providers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-hardware-devices/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-hardware-devices/Privacy-Focused Hardware Devices Privacy-Focused Hardware Devices - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-messaging-apps/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-messaging-apps/Privacy-Focused Messaging Apps Privacy-Focused Messaging Apps - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-operating-systems/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-operating-systems/Privacy-Focused Operating Systems Privacy-Focused Operating Systems - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-search-engines/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-search-engines/Privacy-Focused Search Engines Privacy-Focused Search Engines - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-social-media-platforms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-social-media-platforms/Privacy-Focused Social Media Platforms Privacy-Focused Social Media Platforms - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-software-applications/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-software-applications/Privacy-Focused Software Applications Privacy-Focused Software Applications - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-vpn-providers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-vpn-providers/Privacy-Focused VPN Providers Privacy-Focused VPN Providers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-web-browsers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-web-browsers/Privacy-Focused Web Browsers Privacy-Focused Web Browsers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providershttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/privilege-escalation-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/privilege-escalation-techniques/Privilege Escalation Techniques Privilege Escalation Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/privilege-query/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/privilege-query/Privilege Query Privilege Query - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/privileged-access-management/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/privileged-access-management/Privileged Access Management Privileged Access Management - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals Group Administration IAM Policies Identity and Access Management Fundamentals Identity Federation Pass the Hash User Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/process-creation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/process-creation/Process Creation Process Creation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/process-enumeration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/process-enumeration/Process Enumeration Process Enumeration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/process-enumeration-via-zwquerysysteminformation-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/process-enumeration-via-zwquerysysteminformation-kernel/Process Enumeration via ZwQuerySystemInformation Kernel Process Enumeration via ZwQuerySystemInformation Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/process-hollowing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/process-hollowing/Process Hollowing Process Hollowing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/process-hypnosis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/process-hypnosis/Process Hypnosis Process Hypnosis - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/Process Injection Process Injection - techniques for executing arbitrary code inside the address space of a legitimate process to evade detection and gain privileges. API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Execution Related Links: Beacon Object Files (BOF) C2 and Networking Credential Dumping Malware Concepts Payload and PE Persistence Sleep Obfuscation Windows Internalshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/protecting-evilginx-server-via-caddy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/protecting-evilginx-server-via-caddy/Protecting Evilginx Server via Caddy Protecting Evilginx Server via Caddy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/protecting-phishing-servers-via-caddy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/protecting-phishing-servers-via-caddy/Protecting Phishing Servers via Caddy Protecting Phishing Servers via Caddy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/protecting-phishing-servers-via-mod-rewrite/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/protecting-phishing-servers-via-mod-rewrite/Protecting Phishing Servers via Mod Rewrite Protecting Phishing Servers via Mod Rewrite - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/nginx/protecting-phishing-servers-via-nginx/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nginx/protecting-phishing-servers-via-nginx/Protecting Phishing Servers via Nginx Protecting Phishing Servers via Nginx - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Introduction to Nginx Capabilities Nginx Demo Reverse Proxying Nginx Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/protocol-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/protocol-analysis/Protocol Analysis Protocol Analysis - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Network Forensics with Wireshark Tcpdump Wireshark Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/proxy-execute-ntallocatevirtualmemory-with-timer-apis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/proxy-execute-ntallocatevirtualmemory-with-timer-apis/Proxy Execute NtAllocateVirtualMemory with Timer APIs Proxy Execute NtAllocateVirtualMemory with Timer APIs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntallocatevirtualmemory-with-timer-apis-c/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntallocatevirtualmemory-with-timer-apis-c/Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Timer APIs C - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/proxy-execute-ntallocatevirtualmemory-with-work-item-apis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/proxy-execute-ntallocatevirtualmemory-with-work-item-apis/Proxy Execute NtAllocateVirtualMemory with Work Item APIs Proxy Execute NtAllocateVirtualMemory with Work Item APIs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntallocatevirtualmemory-with-work-item-apis-c/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntallocatevirtualmemory-with-work-item-apis-c/Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/proxy-execute-ntcreatethreadex-with-work-item-apis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/proxy-execute-ntcreatethreadex-with-work-item-apis/Proxy Execute NtCreateThreadEx with Work Item APIs Proxy Execute NtCreateThreadEx with Work Item APIs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntcreatethreadex-with-work-item-apis-c/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntcreatethreadex-with-work-item-apis-c/Proxy Execute NtCreateThreadEx with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/python-for-malware-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/python-for-malware-development/Python for Malware Development Python for Malware Development - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/python-jail-breaking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/python-jail-breaking/Python Jail Breaking Python Jail Breaking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/quantum-communication-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/quantum-communication-exploits/Quantum Communication Exploits Quantum Communication Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-active-directory-site-name-ms-nrpc/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-active-directory-site-name-ms-nrpc/Query Active Directory Site Name MS-NRPC Query Active Directory Site Name MS-NRPC - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-cfg-status/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-cfg-status/Query CFG Status Query CFG Status - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dns-domain-information-ms-lsad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dns-domain-information-ms-lsad/Query DNS Domain Information MS-LSAD Query DNS Domain Information MS-LSAD - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-domain-controller-information-ms-nrpc/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-domain-controller-information-ms-nrpc/Query Domain Controller Information MS-NRPC Query Domain Controller Information MS-NRPC - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dssp-operation-state-ms-dssp/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dssp-operation-state-ms-dssp/Query DSSP Operation State MS-DSSP Query DSSP Operation State MS-DSSP - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dssp-primary-domain-info-ms-dssp/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dssp-primary-domain-info-ms-dssp/Query DSSP Primary Domain Info MS-DSSP Query DSSP Primary Domain Info MS-DSSP - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dssp-upgrade-status-ms-dssp/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dssp-upgrade-status-ms-dssp/Query DSSP Upgrade Status MS-DSSP Query DSSP Upgrade Status MS-DSSP - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-extended-service-status/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-extended-service-status/Query Extended Service Status Query Extended Service Status - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-extended-service-status-ms-scmr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-extended-service-status-ms-scmr/Query Extended Service Status MS-SCMR Query Extended Service Status MS-SCMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-remote-registry-key/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-remote-registry-key/Query Remote Registry Key Query Remote Registry Key - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-remote-service/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-remote-service/Query Remote Service Query Remote Service - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-rpc-runtime-statistics-c706-mgmt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-rpc-runtime-statistics-c706-mgmt/Query RPC Runtime Statistics C706-MGMT Query RPC Runtime Statistics C706-MGMT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-service-configuration-ms-scmr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-service-configuration-ms-scmr/Query Service Configuration MS-SCMR Query Service Configuration MS-SCMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-smb-share-permissions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-smb-share-permissions/Query SMB Share Permissions Query SMB Share Permissions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-account-control-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-account-control-ms-samr/Query User Account Control MS-SAMR Query User Account Control MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-general-info-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-general-info-ms-samr/Query User General Info MS-SAMR Query User General Info MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-home-info-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-home-info-ms-samr/Query User Home Info MS-SAMR Query User Home Info MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-logon-info-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-logon-info-ms-samr/Query User Logon Info MS-SAMR Query User Logon Info MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-parameters-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-parameters-ms-samr/Query User Parameters MS-SAMR Query User Parameters MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-preferences-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-preferences-ms-samr/Query User Preferences MS-SAMR Query User Preferences MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-username-info-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-username-info-ms-samr/Query Username Info MS-SAMR Query Username Info MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/radio-frequency-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/radio-frequency-exploits/Radio Frequency Exploits Radio Frequency Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/random-key-generation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/random-key-generation/Random Key Generation Random Key Generation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/ransomware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/ransomware/Ransomware Ransomware - malware that encrypts victim data and demands payment for decryption keys, studied here from a development and defensive perspective. Automated Ransomware Development Deleting Shadow Copies and System Restore Points File Encryption File Enumeration Legal and Ethical Considerations Ransomware Emulation Ransomware Overview Windows Internals for Ransomware Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/RC4 RC4 - a stream cipher algorithm and its various implementation approaches for use in offensive security tools. RC4 Decryption Encryption via Custom RC4 Algorithm RC4 Decryption Encryption via NTAPI RC4 Encryption Decryption Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/rc4-decryption-encryption-via-custom-rc4-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/rc4-decryption-encryption-via-custom-rc4-algorithm/RC4 Decryption Encryption via Custom RC4 Algorithm RC4 Decryption Encryption via Custom RC4 Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: RC4 Decryption Encryption via NTAPI RC4 Encryption Decryptionhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/rc4-decryption-encryption-via-ntapi/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/rc4-decryption-encryption-via-ntapi/RC4 Decryption Encryption via NTAPI RC4 Decryption Encryption via NTAPI - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: RC4 Decryption Encryption via Custom RC4 Algorithm RC4 Encryption Decryptionhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/rc4-encryption-decryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/rc4-encryption-decryption/RC4 Encryption Decryption RC4 Encryption Decryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: RC4 Decryption Encryption via Custom RC4 Algorithm RC4 Decryption Encryption via NTAPIhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/read-clipboard-data/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/read-clipboard-data/Read Clipboard Data Read Clipboard Data - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/read-process-memory-via-pread/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/read-process-memory-via-pread/Read Process Memory via Pread Read Process Memory via Pread - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/reading-a-file-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/reading-a-file-kernel/Reading a File Kernel Reading a File Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/reconnaissance-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/reconnaissance-techniques/Reconnaissance Techniques Reconnaissance Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APT OSINT Supply Chain Attacks Threat Modeling Fundamentals Zero Dayhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/reflective-dll-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/reflective-dll-injection/Reflective DLL Injection Reflective DLL Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/registry-interaction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/registry-interaction/Registry Interaction Registry Interaction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/registry-key-interaction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/registry-key-interaction/Registry Key Interaction Registry Key Interaction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/registry-kill-switch/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/registry-kill-switch/Registry Kill Switch Registry Kill Switch - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breakinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/registry-modifications/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/registry-modifications/Registry Modifications Registry Modifications - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/reimplementing-injection-via-syscalls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/reimplementing-injection-via-syscalls/Reimplementing Injection via Syscalls Reimplementing Injection via Syscalls - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-apc-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-apc-injection/Remote APC Injection Remote APC Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-dll-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-dll-injection/Remote DLL Injection Remote DLL Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-function-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-function-stomping/Remote Function Stomping Remote Function Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-mapping-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-mapping-injection/Remote Mapping Injection Remote Mapping Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-module-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-module-stomping/Remote Module Stomping Remote Module Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/remote-payload-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/remote-payload-execution/Remote Payload Execution Remote Payload Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-payload-execution-via-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-payload-execution-via-injection/Remote Payload Execution via Injection Remote Payload Execution via Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/repeater/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/repeater/Repeater Repeater - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Burp Suite Fundamentals Intercepting Proxy Intruder Scannerhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/resolve-names-to-rids-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/resolve-names-to-rids-ms-samr/Resolve Names to RIDs MS-SAMR Resolve Names to RIDs MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/resolve-rids-to-names-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/resolve-rids-to-names-ms-samr/Resolve RIDs to Names MS-SAMR Resolve RIDs to Names MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-computers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-computers/Retrieve Domain Computers Retrieve Domain Computers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-groups/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-groups/Retrieve Domain Groups Retrieve Domain Groups - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-user-descriptions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-user-descriptions/Retrieve Domain User Descriptions Retrieve Domain User Descriptions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-users-with-all-attributes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-users-with-all-attributes/Retrieve Domain Users with All Attributes Retrieve Domain Users with All Attributes - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-mac-address-via-netbios/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-mac-address-via-netbios/Retrieve MAC Address via NetBIOS Retrieve MAC Address via NetBIOS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-ms-ds-machineaccountquota/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-ms-ds-machineaccountquota/Retrieve MS-DS-MachineAccountQuota Retrieve MS-DS-MachineAccountQuota - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-private-data-ms-lsad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-private-data-ms-lsad/Retrieve Private Data MS-LSAD Retrieve Private Data MS-LSAD - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-txt-records/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-txt-records/Retrieve TXT Records Retrieve TXT Records - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-kernel-version/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-kernel-version/Retrieving Kernel Version Retrieving Kernel Version - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-identifier-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-identifier-kernel/Retrieving Process Identifier Kernel Retrieving Process Identifier Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-image-base-address-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-image-base-address-kernel/Retrieving Process Image Base Address Kernel Retrieving Process Image Base Address Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-name-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-name-kernel/Retrieving Process Name Kernel Retrieving Process Name Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-parent-id-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-parent-id-kernel/Retrieving Process Parent ID Kernel Retrieving Process Parent ID Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-session-id-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-session-id-kernel/Retrieving Process Session ID Kernel Retrieving Process Session ID Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-the-address-of-an-unexported-zw-api-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-the-address-of-an-unexported-zw-api-kernel/Retrieving the Address of an Unexported ZW API Kernel Retrieving the Address of an Unexported ZW API Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/reverse-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/reverse-engineering/Reverse Engineering Reverse Engineering - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Automated Malware Analysis Maltego Memory Leaks Metasploit Urlvoid Virustotalhttps://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/reverse-engineering-with-ghidra/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/reverse-engineering-with-ghidra/Reverse Engineering with Ghidra Reverse Engineering with Ghidra - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ghidra Fundamentals Ghidra Scripting Static Analysis with Ghidrahttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/reverse-shell/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/reverse-shell/Reverse Shell Reverse Shell - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/reverse-shells-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/reverse-shells-overview/Reverse Shells Overview Reverse Shells Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/rid-to-sid-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/rid-to-sid-ms-samr/RID to SID MS-SAMR RID to SID MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/rogue-access-point/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/rogue-access-point/Rogue Access Point Rogue Access Point - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/rootkits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/rootkits/Rootkits Rootkits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/rootkits-and-bootkits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/rootkits-and-bootkits/Rootkits and Bootkits Rootkits and Bootkits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/rop-hellshall/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/rop-hellshall/ROP Hellshall ROP Hellshall - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/running-jscript-code-in-memory/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/running-jscript-code-in-memory/Running JScript Code in Memory Running JScript Code in Memory - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/runpe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/runpe/RunPE RunPE - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/sandbox-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/sandbox-evasion-techniques/Sandbox Evasion Techniques Sandbox Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/satellite-communication-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/satellite-communication-exploits/Satellite Communication Exploits Satellite Communication Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/scanner/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/scanner/Scanner Scanner - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Burp Suite Fundamentals Intercepting Proxy Intruder Repeaterhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/scheduled-tasks-and-cron-jobs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/scheduled-tasks-and-cron-jobs/Scheduled Tasks and Cron Jobs Scheduled Tasks and Cron Jobs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/screen-capture-to-bmp/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/screen-capture-to-bmp/Screen Capture to BMP Screen Capture to BMP - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-string-hashing-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-string-hashing-algorithm/SDBM String Hashing Algorithm SDBM String Hashing Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-string-hashing-algorithm-ascii/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-string-hashing-algorithm-ascii/SDBM String Hashing Algorithm ASCII SDBM String Hashing Algorithm ASCII - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-string-hashing-syscalls-hash-values-nt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-string-hashing-syscalls-hash-values-nt/SDBM String Hashing Syscalls Hash Values NT SDBM String Hashing Syscalls Hash Values NT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-syscalls-hash-values-zw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-syscalls-hash-values-zw/SDBM Syscalls Hash Values ZW SDBM Syscalls Hash Values ZW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-winapis-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-winapis-hash-values/SDBM WinAPIs Hash Values SDBM WinAPIs Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/secure-coding-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/secure-coding-fundamentals/Secure Coding Fundamentals Secure Coding Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/secure-communication-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/secure-communication-techniques/Secure Communication Techniques Secure Communication Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cryptographic Algorithms Cryptography Fundamentals Data Anonymization Techniques Data Masking Techniques Steganographyhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/secure-ssh-configuration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/secure-ssh-configuration/Secure SSH Configuration Secure SSH Configuration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-blocking-direct-ip-access/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-blocking-direct-ip-access/Securing Server Blocking Direct IP Access Securing Server Blocking Direct IP Access - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-removing-verbose-information/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-removing-verbose-information/Securing Server Removing Verbose Information Securing Server Removing Verbose Information - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-restrict-http-access/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-restrict-http-access/Securing Server Restrict HTTP Access Securing Server Restrict HTTP Access - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-via-cloudflare/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-via-cloudflare/Securing Server via Cloudflare Securing Server via Cloudflare - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/self-deletion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/self-deletion/Self Deletion Self Deletion - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/self-deletion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/self-deletion-techniques/Self-Deletion Techniques Self-Deletion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Covering Tracks Techniques Data Destruction Techniques File Time Stomping Log Tampering Techniques Shadow Copy Deletion Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/send-keystrokes-to-remote-server/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/send-keystrokes-to-remote-server/Send Keystrokes to Remote Server Send Keystrokes to Remote Server - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/serverless-phishing-cloudflare-worker/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/serverless-phishing-cloudflare-worker/Serverless Phishing Cloudflare Worker Serverless Phishing Cloudflare Worker - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/service-control-manager-interaction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/service-control-manager-interaction/Service Control Manager Interaction Service Control Manager Interaction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/service-creation-and-manipulation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/service-creation-and-manipulation/Service Creation and Manipulation Service Creation and Manipulation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/nmap/service-detection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nmap/service-detection/Service Detection Service Detection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Nmap Fundamentals Nmap NSE Scripts Port Scanning Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/set-privilege-via-adjusttokenprivileges/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/set-privilege-via-adjusttokenprivileges/Set Privilege via AdjustTokenPrivileges Set Privilege via AdjustTokenPrivileges - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/set-privilege-via-rtladjustprivilege/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/set-privilege-via-rtladjustprivilege/Set Privilege via RtlAdjustPrivilege Set Privilege via RtlAdjustPrivilege - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/shadow-copy-deletion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/shadow-copy-deletion/Shadow Copy Deletion Shadow Copy Deletion - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Covering Tracks Techniques Data Destruction Techniques File Time Stomping Log Tampering Techniques Self-Deletion Techniques Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/share-enumeration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/share-enumeration/Share Enumeration Share Enumeration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMRhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/shell-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/shell-execution/Shell Execution Shell Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-injection/Shellcode Injection Shellcode Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-injection-via-zwcreatethreadex-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-injection-via-zwcreatethreadex-kernel/Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Injection via ZwCreateThreadEx Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/shellcode-injection-via-zwcreatethreadex-kernel-internals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/shellcode-injection-via-zwcreatethreadex-kernel-internals/Shellcode Injection via ZwCreateThreadEx Kernel Internals Shellcode Injection via ZwCreateThreadEx Kernel Internals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcode-reflective-dll-injection-srdi/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcode-reflective-dll-injection-srdi/Shellcode Reflective DLL Injection (sRDI) Shellcode Reflective DLL Injection (sRDI) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-reflective-dll-injection-srdi-technique/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-reflective-dll-injection-srdi-technique/Shellcode Reflective DLL Injection (sRDI) Technique Shellcode Reflective DLL Injection (sRDI) Technique - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-a-reverse-shell/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-a-reverse-shell/Shellcoding a Reverse Shell Shellcoding a Reverse Shell - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-stager-local-inject/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-stager-local-inject/Shellcoding Stager Local Inject Shellcoding Stager Local Inject - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-stager-remote-inject/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-stager-remote-inject/Shellcoding Stager Remote Inject Shellcoding Stager Remote Inject - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/SIEM and Tools SIEM and Tools - security information and event management platforms and supporting tools used for log aggregation, correlation, and alerting. Hayabusa Maltego SIEM Fundamentals Splunk Related Links: Detection Engineering Endpoint Security SOC Honeypots Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/siem-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/siem-fundamentals/SIEM Fundamentals SIEM Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Hayabusa Maltego Splunkhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/signalobjectandwait-alertable-function/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/signalobjectandwait-alertable-function/SignalObjectAndWait Alertable Function SignalObjectAndWait Alertable Function - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/Sleep Obfuscation Sleep Obfuscation - techniques that encrypt or hide implant code in memory during beacon sleep intervals to evade memory scanning. Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplication Related Links: Beacon Object Files (BOF) C2 and Networking Credential Dumping Malware Concepts Payload and PE Persistence Process Injection Windows Internalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/sleepex-alertable-function/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/sleepex-alertable-function/SleepEx Alertable Function SleepEx Alertable Function - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/smb-pass-the-hash/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/smb-pass-the-hash/SMB Pass the Hash SMB Pass the Hash - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/SOC and Detection Engineering SOC and Detection Engineering - the processes and tools used by security operations centers to monitor, detect, triage, and respond to cyber threats. Detection Engineering Endpoint Security SIEM and Tools SOC Honeypots Threat Hunting Techniques Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/soc-honeypots/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/soc-honeypots/SOC Honeypots SOC Honeypots - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Detection Engineering Endpoint Security SIEM and Tools Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/Social Engineering Social Engineering - the use of psychological manipulation to deceive individuals into divulging confidential information or performing actions that compromise security. Automated Social Engineering Techniques Automated Spear Phishing Email Generation Digital Social Engineering Physical Social Engineering Social Engineering Fundamentals Social Engineering Techniques Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/social-engineering-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/social-engineering-fundamentals/Social Engineering Fundamentals Social Engineering Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automated Social Engineering Techniques Automated Spear Phishing Email Generation Digital Social Engineering Physical Social Engineering Social Engineering Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/social-engineering-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/social-engineering-techniques/Social Engineering Techniques Social Engineering Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automated Social Engineering Techniques Automated Spear Phishing Email Generation Digital Social Engineering Physical Social Engineering Social Engineering Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/software-vulnerabilities-and-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/software-vulnerabilities-and-exploits/Software Vulnerabilities and Exploits Software Vulnerabilities and Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/splunk/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/splunk/Splunk Splunk - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Hayabusa Maltego SIEM Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/spoofing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/spoofing/Spoofing Spoofing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Poisoning MITM Network Attacks Overview Packet Sniffing Exploits VLAN Hopping VMescape Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/sql-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/sql-injection/SQL Injection SQL Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Buffer Overflows CSRF Directory Traversal Timing Attacks XSShttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/ssl-configuration-comodo-ssl/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/ssl-configuration-comodo-ssl/SSL Configuration Comodo SSL SSL Configuration Comodo SSL - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/ssl-configuration-lets-encrypt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/ssl-configuration-lets-encrypt/SSL Configuration Lets Encrypt SSL Configuration Lets Encrypt - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/stage-early-bird-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/stage-early-bird-injection/Stage Early Bird Injection Stage Early Bird Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/start-a-service-ms-scmr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/start-a-service-ms-scmr/Start a Service MS-SCMR Start a Service MS-SCMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/start-local-remote-service/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/start-local-remote-service/Start Local Remote Service Start Local Remote Service - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/start-remote-registry/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/start-remote-registry/Start Remote Registry Start Remote Registry - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/static-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/static-analysis/Static Analysis Static Analysis - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Dynamic Analysis Malware Analysis Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/static-analysis-with-ghidra/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/static-analysis-with-ghidra/Static Analysis with Ghidra Static Analysis with Ghidra - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ghidra Fundamentals Ghidra Scripting Reverse Engineering with Ghidrahttps://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/steganography/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/steganography/Steganography Steganography - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cryptographic Algorithms Cryptography Fundamentals Data Anonymization Techniques Data Masking Techniques Secure Communication Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/steganography-shellcode-loader/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/steganography-shellcode-loader/Steganography Shellcode Loader Steganography Shellcode Loader - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/string-hashing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/string-hashing/String Hashing String Hashing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/string-hashing-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/string-hashing-obfuscation/String Hashing Obfuscation String Hashing Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/string-hashing-obfuscation-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/string-hashing-obfuscation-techniques/String Hashing Obfuscation Techniques String Hashing Obfuscation Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashinghttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/subnetting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/subnetting/Subnetting Subnetting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Handshakes HTTPS Networking Networking Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/supply-chain-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/supply-chain-attacks/Supply Chain Attacks Supply Chain Attacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APT OSINT Reconnaissance Techniques Threat Modeling Fundamentals Zero Dayhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/svg-smuggling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/svg-smuggling/SVG Smuggling SVG Smuggling - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing and Evading SmuggleShield HTML Smuggling HTML Smuggling Strategies Integrating Anti-Bot with HTML Smuggling MOTW Bypass via FileFix Variations WebAssembly Smugglinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/syscall-gadget-pattern-scan/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/syscall-gadget-pattern-scan/Syscall Gadget Pattern Scan Syscall Gadget Pattern Scan - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/syscall-number-retrieval-from-ntdll-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/syscall-number-retrieval-from-ntdll-kernel/Syscall Number Retrieval from NTDLL Kernel Syscall Number Retrieval from NTDLL Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/syscalls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/syscalls/Syscalls Syscalls - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/syscalls-tampering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/syscalls-tampering/Syscalls Tampering Syscalls Tampering - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/systemfunction040-encryption-decryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/systemfunction040-encryption-decryption/SystemFunction040 Encryption Decryption SystemFunction040 Encryption Decryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/tampered-syscalls-via-hardware-breakpoints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/tampered-syscalls-via-hardware-breakpoints/Tampered Syscalls via Hardware Breakpoints Tampered Syscalls via Hardware Breakpoints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/Target-Specific Exploitation Target-Specific Exploitation - techniques for attacking unique infrastructure and deployment environments beyond standard web applications. Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Mobile Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environments Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/tcp-port-scan/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/tcp-port-scan/TCP Port Scan TCP Port Scan - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Lookup Host Check ICMP Echo Network Attacks Network Evasion Techniques Network Protocols Port Scanning VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/tcpdump/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/tcpdump/Tcpdump Tcpdump - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Network Forensics with Wireshark Protocol Analysis Wireshark Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/terminating-a-process-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/terminating-a-process-kernel/Terminating a Process Kernel Terminating a Process Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-enumeration-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-enumeration-techniques/Thread Enumeration Techniques Thread Enumeration Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-enumeration-via-procfs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-enumeration-via-procfs/Thread Enumeration via ProcFS Thread Enumeration via ProcFS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-enumeration-via-syscall/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-enumeration-via-syscall/Thread Enumeration via Syscall Thread Enumeration via Syscall - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/thread-hijacking-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/thread-hijacking-kernel/Thread Hijacking Kernel Thread Hijacking Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-hijacking-kernel-internals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-hijacking-kernel-internals/Thread Hijacking Kernel Internals Thread Hijacking Kernel Internals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/threadless-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/threadless-injection/Threadless Injection Threadless Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/threadless-shellcode-injection-via-hwbps-bof/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/threadless-shellcode-injection-via-hwbps-bof/Threadless Shellcode Injection via HWBPs BOF Threadless Shellcode Injection via HWBPs BOF - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: BOF Execution Introduction to BOF LSASS Dump BOF Object File Loader with Module Stomping Writing BOF Fileshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/threat-hunting-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/threat-hunting-techniques/Threat Hunting Techniques Threat Hunting Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Automated Reverse Engineering Digital Forensics Forensics Hayabusa Incident Responsehttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/threat-hunting-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/threat-hunting-techniques/Threat Hunting Techniques Threat Hunting Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Detection Engineering Endpoint Security SIEM and Tools SOC Honeypotshttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/Threat Modeling Threat Modeling - the structured process of identifying, quantifying, and prioritizing potential threats to a system in order to guide security decisions. APT OSINT Reconnaissance Techniques Supply Chain Attacks Threat Modeling Fundamentals Zero Day Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/threat-modeling-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/threat-modeling-fundamentals/Threat Modeling Fundamentals Threat Modeling Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APT OSINT Reconnaissance Techniques Supply Chain Attacks Zero Dayhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/timestomping-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/timestomping-techniques/Timestomping Techniques Timestomping Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Covering Tracks Techniques Data Destruction Techniques File Time Stomping Log Tampering Techniques Self-Deletion Techniques Shadow Copy Deletionhttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/timing-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/timing-attacks/Timing Attacks Timing Attacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Buffer Overflows CSRF Directory Traversal SQL Injection XSShttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/tls-callbacks-for-anti-debugging/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/tls-callbacks-for-anti-debugging/TLS Callbacks for Anti-Debugging TLS Callbacks for Anti-Debugging - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/token-impersonation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/token-impersonation/Token Impersonation Token Impersonation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/token-manipulation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/token-manipulation/Token Manipulation Token Manipulation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/token-querying/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/token-querying/Token Querying Token Querying - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/typo-squatting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/typo-squatting/Typo Squatting Typo Squatting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Business Email Compromise Drive-By Downloads File Sharing and Removable Media Phishing Overview Watering Hole Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/ultrasonic-communication-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/ultrasonic-communication-exploits/Ultrasonic Communication Exploits Ultrasonic Communication Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/unhooking-all-dlls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/unhooking-all-dlls/Unhooking All DLLs Unhooking All DLLs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Variants Hardware Hooks NTDLL Unhooking NTDLL Unhooking Variants Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 2https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/upload-file-via-smb/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/upload-file-via-smb/Upload File via SMB Upload File via SMB - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/urlvoid/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/urlvoid/Urlvoid Urlvoid - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Automated Malware Analysis Maltego Memory Leaks Metasploit Reverse Engineering Virustotalhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/user-access-control-uac/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/user-access-control-uac/User Access Control (UAC) User Access Control (UAC) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/user-administration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/user-administration/User Administration User Administration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals Group Administration IAM Policies Identity and Access Management Fundamentals Identity Federation Pass the Hash Privileged Access Managementhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/user-interaction-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/user-interaction-evasion-techniques/User Interaction Evasion Techniques User Interaction Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugginghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/user-mode-function-lookup-in-process-modules-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/user-mode-function-lookup-in-process-modules-kernel/User Mode Function Lookup in Process Modules Kernel User Mode Function Lookup in Process Modules Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/user-mode-process-modules-enumeration-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/user-mode-process-modules-enumeration-kernel/User Mode Process Modules Enumeration Kernel User Mode Process Modules Enumeration Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/user-shared-data-delay/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/user-shared-data-delay/User Shared Data Delay User Shared Data Delay - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/using-class-in-c-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/using-class-in-c-kernel/Using Class in C Kernel Using Class in C Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/utilizing-hardware-breakpoints-for-credential-dumping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/utilizing-hardware-breakpoints-for-credential-dumping/Utilizing Hardware Breakpoints for Credential Dumping Utilizing Hardware Breakpoints for Credential Dumping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Queryinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/utilizing-hardware-breakpoints-for-hooking-1/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/utilizing-hardware-breakpoints-for-hooking-1/Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 1 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Variants Hardware Hooks NTDLL Unhooking NTDLL Unhooking Variants Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 2https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/utilizing-hardware-breakpoints-for-hooking-2/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/utilizing-hardware-breakpoints-for-hooking-2/Utilizing Hardware Breakpoints for Hooking 2 Utilizing Hardware Breakpoints for Hooking 2 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Variants Hardware Hooks NTDLL Unhooking NTDLL Unhooking Variants Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 1https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/utilizing-ntcreateuserprocess/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/utilizing-ntcreateuserprocess/Utilizing NtCreateUserProcess Utilizing NtCreateUserProcess - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/veh-manipulation-for-local-code-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/veh-manipulation-for-local-code-execution/VEH Manipulation for Local Code Execution VEH Manipulation for Local Code Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/virtualization/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/virtualization/Virtualization Virtualization - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/virustotal/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/virustotal/Virustotal Virustotal - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Automated Malware Analysis Maltego Memory Leaks Metasploit Reverse Engineering Urlvoidhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/visible-light-communication-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/visible-light-communication-exploits/Visible Light Communication Exploits Visible Light Communication Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/vlan-hopping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/vlan-hopping/VLAN Hopping VLAN Hopping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Poisoning MITM Network Attacks Overview Packet Sniffing Exploits Spoofing VMescape Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/vmescape-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/vmescape-exploits/VMescape Exploits VMescape Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Poisoning MITM Network Attacks Overview Packet Sniffing Exploits Spoofing VLAN Hoppinghttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/vpns/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/vpns/VPNs VPNs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Lookup Host Check ICMP Echo Network Attacks Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/waitformultipleobjectsex-alertable-function/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/waitformultipleobjectsex-alertable-function/WaitForMultipleObjectsEx Alertable Function WaitForMultipleObjectsEx Alertable Function - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/waitforsingleobjectex-alertable-function/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/waitforsingleobjectex-alertable-function/WaitForSingleObjectEx Alertable Function WaitForSingleObjectEx Alertable Function - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/watering-hole-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/watering-hole-attacks/Watering Hole Attacks Watering Hole Attacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Business Email Compromise Drive-By Downloads File Sharing and Removable Media Phishing Overview Typo Squattinghttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/web-based-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/web-based-attacks/Web Based Attacks Web Based Attacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitationhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/web-server-setup-apache-php/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/web-server-setup-apache-php/Web Server Setup Apache PHP Web Server Setup Apache PHP - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/web-server-setup-nginx-flask/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/web-server-setup-nginx-flask/Web Server Setup Nginx Flask Web Server Setup Nginx Flask - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/webassembly-smuggling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/webassembly-smuggling/WebAssembly Smuggling WebAssembly Smuggling - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing and Evading SmuggleShield HTML Smuggling HTML Smuggling Strategies Integrating Anti-Bot with HTML Smuggling MOTW Bypass via FileFix Variations SVG Smugglinghttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/wifi-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/wifi-exploits/WiFi Exploits WiFi Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/wildcard-certificate-via-lets-encrypt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/wildcard-certificate-via-lets-encrypt/Wildcard Certificate via Lets Encrypt Wildcard Certificate via Lets Encrypt - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flaskhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/winapis-and-pe-file-format/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/winapis-and-pe-file-format/WinAPIs and PE File Format WinAPIs and PE File Format - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/winapis-pe-file-format-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/winapis-pe-file-format-overview/WinAPIs PE File Format Overview WinAPIs PE File Format Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernelhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/Windows Administration Windows Administration - core Windows system administration tasks including user management, registry operations, services, and remote access. Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentals Related Links: Active Directory Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Creation File Operations Windows Exploitation Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/windows-administration-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/windows-administration-fundamentals/Windows Administration Fundamentals Windows Administration Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualizationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/windows-dll-template/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/windows-dll-template/Windows DLL Template Windows DLL Template - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/Windows Exploitation Windows Exploitation - techniques for escalating privileges, moving laterally, and maintaining persistence in Windows environments post-compromise. AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switch Related Links: Active Directory Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Creation File Operations Windows Administration Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/Windows Internals Windows Internals - foundational knowledge of Windows architecture, kernel structures, API resolution, and PE file format for malware development. API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overview Related Links: Beacon Object Files (BOF) C2 and Networking Credential Dumping Malware Concepts Payload and PE Persistence Process Injection Sleep Obfuscationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/Windows Security and Administration Windows Security and Administration - Windows OS administration, Active Directory management, security hardening, and post-exploitation techniques. Active Directory Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Creation File Operations Windows Administration Windows Exploitation Write File to Disk Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/Wireless and Physical Attacks Wireless and Physical Attacks - techniques exploiting wireless communications, radio frequencies, and physical-layer channels to compromise systems. Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploits Related Links: DNS Lookup Host Check ICMP Echo Network Attacks Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan VPNshttps://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/Wireshark Wireshark - a widely used network protocol analyzer for capturing and interactively inspecting network traffic in real time. Network Forensics with Wireshark Protocol Analysis Tcpdump Wireshark Fundamentals Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/wireshark-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/wireshark-fundamentals/Wireshark Fundamentals Wireshark Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Network Forensics with Wireshark Protocol Analysis Tcpdumphttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/wmi-query/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/wmi-query/WMI Query WMI Query - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/worm-like-propagation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/worm-like-propagation/Worm-Like Propagation Worm-Like Propagation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/write-file-to-disk/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/write-file-to-disk/Write File to Disk Write File to Disk - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Creation File Operations Windows Administration Windows Exploitationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/writing-bof-files/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/writing-bof-files/Writing BOF Files Writing BOF Files - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: BOF Execution Introduction to BOF LSASS Dump BOF Object File Loader with Module Stomping Threadless Shellcode Injection via HWBPs BOFhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/writing-custom-shellcode/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/writing-custom-shellcode/Writing Custom Shellcode Writing Custom Shellcode - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/writing-to-process-memory-via-apcs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/writing-to-process-memory-via-apcs/Writing to Process Memory via APCs Writing to Process Memory via APCs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/xll-templates/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/xll-templates/XLL Templates XLL Templates - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagationhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/xor-encryption-decryption-via-multi-byte-key/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/xor-encryption-decryption-via-multi-byte-key/XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Multi-Byte Key - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/xor-encryption-decryption-via-single-byte/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/xor-encryption-decryption-via-single-byte/XOR Encryption Decryption via Single Byte XOR Encryption Decryption via Single Byte - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Keyhttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/xss/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/xss/XSS XSS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Buffer Overflows CSRF Directory Traversal SQL Injection Timing Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/zero-day/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/zero-day/Zero Day Zero Day - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APT OSINT Reconnaissance Techniques Supply Chain Attacks Threat Modeling Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/zero-trust-architecture/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/zero-trust-architecture/Zero Trust Architecture Zero Trust Architecture - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Firewalls Overview Honeypots Jump Server Microsegmentation Network Segmentation Port Blockinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/zilean-sleep-obfuscation-with-stack-duplication/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/zilean-sleep-obfuscation-with-stack-duplication/Zilean Sleep Obfuscation with Stack Duplication Zilean Sleep Obfuscation with Stack Duplication - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation