https://r0tbyt3.dev/tags/payload-and-pe/Recent content in Payload-and-Pe on Jesus OsegueraHugoen-ushttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/apc-injection-via-write-to-process-memory/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/apc-injection-via-write-to-process-memory/APC Injection via Write to Process Memory APC Injection via Write to Process Memory - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/automated-payload-generation-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/automated-payload-generation-techniques/Automated Payload Generation Techniques Automated Payload Generation Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-a-loader/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-a-loader/Building a Loader Building a Loader - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-a-pe-packer/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-a-pe-packer/Building a PE Packer Building a PE Packer - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-an-evasive-dll-payload-loader/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-an-evasive-dll-payload-loader/Building an Evasive DLL Payload Loader Building an Evasive DLL Payload Loader - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/command-line-argument-spoofing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/command-line-argument-spoofing/Command Line Argument Spoofing Command Line Argument Spoofing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/compile-time-hash-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/compile-time-hash-obfuscation/Compile-Time Hash Obfuscation Compile-Time Hash Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/compile-time-string-encryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/compile-time-string-encryption/Compile-Time String Encryption Compile-Time String Encryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/controlling-payload-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/controlling-payload-execution/Controlling Payload Execution Controlling Payload Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/crt-library-removal/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/crt-library-removal/CRT Library Removal CRT Library Removal - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/crt-removal/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/crt-removal/CRT Removal CRT Removal - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/custom-winapi-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/custom-winapi-functions/Custom WinAPI Functions Custom WinAPI Functions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/dll-sideloading-via-at.exe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/dll-sideloading-via-at.exe/DLL Sideloading via at.exe DLL Sideloading via at.exe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-commands-via-ishelldispatch2-com-interface/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-commands-via-ishelldispatch2-com-interface/Executing Commands via IShellDispatch2 COM Interface Executing Commands via IShellDispatch2 COM Interface - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-files-via-ihxhelppaneserver-com-interface/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-files-via-ihxhelppaneserver-com-interface/Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxHelpPaneServer COM Interface - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-files-via-ihxinteractiveuser-com-interface/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-files-via-ihxinteractiveuser-com-interface/Executing Files via IHxInteractiveUser COM Interface Executing Files via IHxInteractiveUser COM Interface - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-peb/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-peb/Fetch a Pointer to PEB Fetch a Pointer to PEB - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-peb-arm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-peb-arm/Fetch a Pointer to PEB ARM Fetch a Pointer to PEB ARM - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-teb/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-teb/Fetch a Pointer to TEB Fetch a Pointer to TEB - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-dos-header/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-dos-header/Fetch Image DOS Header Fetch Image DOS Header - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-headers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-headers/Fetch Image Headers Fetch Image Headers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-nt-headers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-nt-headers/Fetch Image NT Headers Fetch Image NT Headers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/file-entropy-reduction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/file-entropy-reduction/File Entropy Reduction File Entropy Reduction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/forwarded-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/forwarded-functions/Forwarded Functions Forwarded Functions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/get-ntdll-base-address-from-stack-frame-walk/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/get-ntdll-base-address-from-stack-frame-walk/Get NTDLL Base Address from Stack Frame Walk Get NTDLL Base Address from Stack Frame Walk - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/getmodulehandle-replacement/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/getmodulehandle-replacement/GetModuleHandle Replacement GetModuleHandle Replacement - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/getprocaddress-replacement/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/getprocaddress-replacement/GetProcAddress Replacement GetProcAddress Replacement - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/iat-api-set-resolution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/iat-api-set-resolution/IAT API Set Resolution IAT API Set Resolution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/inserting-a-custom-section-into-a-pe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/inserting-a-custom-section-into-a-pe/Inserting a Custom Section into a PE Inserting a Custom Section into a PE - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-payload-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-payload-execution/Local Payload Execution Local Payload Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-pe-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-pe-execution/Local PE Execution Local PE Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-shellcode-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-shellcode-execution/Local Shellcode Execution Local Shellcode Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/manually-mapping-api-set-names/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/manually-mapping-api-set-names/Manually Mapping API Set Names Manually Mapping API Set Names - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/net-assemblies-patching-systemenvironment.exit/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/net-assemblies-patching-systemenvironment.exit/NET Assemblies Patching SystemEnvironment.Exit NET Assemblies Patching SystemEnvironment.Exit - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/patching-the-.net-exit-routine/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/patching-the-.net-exit-routine/Patching the .NET Exit Routine Patching the .NET Exit Routine - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/Payload and PE Payload and PE - techniques for building, loading, and executing shellcode and PE-format payloads in offensive security implants. APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-encryption-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-encryption-variants/Payload Encryption Variants Payload Encryption Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-injection/Payload Injection Payload Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-obfuscation-and-deobfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-obfuscation-and-deobfuscation/Payload Obfuscation and Deobfuscation Payload Obfuscation and Deobfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-obfuscation-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-obfuscation-variants/Payload Obfuscation Variants Payload Obfuscation Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-placement/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-placement/Payload Placement Payload Placement - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-placement-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-placement-variants/Payload Placement Variants Payload Placement Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-staging/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-staging/Payload Staging Payload Staging - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-staging-via-registry-and-web/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-staging-via-registry-and-web/Payload Staging via Registry and Web Payload Staging via Registry and Web - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/peb-ldr-data-iterator/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/peb-ldr-data-iterator/PEB LDR Data Iterator PEB LDR Data Iterator - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/portable-pe-headers-retrieval/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/portable-pe-headers-retrieval/Portable PE Headers Retrieval Portable PE Headers Retrieval - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/ppid-spoofing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/ppid-spoofing/PPID Spoofing PPID Spoofing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/remote-payload-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/remote-payload-execution/Remote Payload Execution Remote Payload Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcode-reflective-dll-injection-srdi/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcode-reflective-dll-injection-srdi/Shellcode Reflective DLL Injection (sRDI) Shellcode Reflective DLL Injection (sRDI) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-a-reverse-shell/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-a-reverse-shell/Shellcoding a Reverse Shell Shellcoding a Reverse Shell - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-stager-local-inject/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-stager-local-inject/Shellcoding Stager Local Inject Shellcoding Stager Local Inject - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-stager-remote-inject/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-stager-remote-inject/Shellcoding Stager Remote Inject Shellcoding Stager Remote Inject - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/stage-early-bird-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/stage-early-bird-injection/Stage Early Bird Injection Stage Early Bird Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/steganography-shellcode-loader/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/steganography-shellcode-loader/Steganography Shellcode Loader Steganography Shellcode Loader - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/string-hashing-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/string-hashing-obfuscation/String Hashing Obfuscation String Hashing Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/syscalls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/syscalls/Syscalls Syscalls - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/utilizing-ntcreateuserprocess/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/utilizing-ntcreateuserprocess/Utilizing NtCreateUserProcess Utilizing NtCreateUserProcess - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/winapis-and-pe-file-format/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/winapis-and-pe-file-format/WinAPIs and PE File Format WinAPIs and PE File Format - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/writing-custom-shellcode/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/writing-custom-shellcode/Writing Custom Shellcode Writing Custom Shellcode - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/writing-to-process-memory-via-apcs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/writing-to-process-memory-via-apcs/Writing to Process Memory via APCs Writing to Process Memory via APCs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.