cocomelonc

cocomelonc

cybersec enthusiast. CTF player

tags

malware 104
red team 98
windows 91
win32api 60
injection 24
persistence 24
evasion 20
asm 9
code injection 9
x86 8
blue team 8
pentest 6
analysis 5
dll injection 3
APC injection 3
dllhijack 2
privesc 2
pivoting 2
networking 2
api hooking 2
ransomware 2
conti 2
redteam 1
pwn 1
exploit 1
winapi 1
forensics 1
volatility 1
yara 1
virustotal 1

malware

Malware development trick - part 36: Enumerate process modules. Simple C++ example.

3 minute read

﷽

Malware and cryptography 20: encrypt/decrypt payload via Skipjack. Simple C++ example.

13 minute read

﷽

Malware and cryptography 1: encrypt/decrypt payload via RC5. Simple C++ example.

9 minute read

﷽

Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 22. Windows Setup. Simple C++ example.

3 minute read

﷽

Malware development trick - part 34: Find PID via WTSEnumerateProcesses. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 18: encrypt/decrypt payload via modular multiplication-based block cipher. Simple C++ example.

8 minute read

﷽

Malware AV/VM evasion - part 17: bypass UAC via fodhelper.exe. Simple C++ example.

4 minute read

﷽

Malware development trick - part 33. Syscalls - part 2. Simple C++ example.

5 minute read

﷽

Malware development trick - part 32. Syscalls - part 1. Simple C++ example.

5 minute read

﷽

Malware development trick - part 31: Run shellcode via SetTimer. Simple C++ example.

3 minute read

﷽

Malware development trick - part 30: Find PID via NtGetNextProcess. Simple C++ example.

5 minute read

﷽

Malware development trick - part 29: Store binary data in registry. Simple C++ example.

7 minute read

﷽

Malware development trick - part 28: Dump lsass.exe. Simple C++ example.

4 minute read

﷽

Malware development trick - part 27: WinAPI LoadLibrary implementation. Simple C++ example.

2 minute read

﷽

Malware AV/VM evasion - part 16: WinAPI GetProcAddress implementation. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 15: WinAPI GetModuleHandle implementation. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.

21 minute read

﷽

Malware AV/VM evasion - part 13: encrypt/decrypt payload via Madryga. Simple C++ example.

6 minute read

﷽

Malware AV/VM evasion - part 12: encrypt/decrypt payload via TEA. Simple C++ example.

10 minute read

﷽

Malware AV/VM evasion - part 11: encrypt payload via DES. Simple C++ example.

10 minute read

﷽

Malware analysis: part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware

5 minute read

﷽

Malware analysis: part 7. Yara rule example for CRC32. CRC32 in REvil ransomware

6 minute read

﷽

Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.

3 minute read

﷽

Malware development tricks: part 26. Mutex. C++ example.

3 minute read

﷽

Malware development tricks: part 25. EnumerateLoadedModules. C++ example.

4 minute read

﷽

Malware development: persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example.

2 minute read

﷽

Malware development tricks: part 24. Listplanting. C++ example.

2 minute read

﷽

Malware development: persistence - part 19. Disk Cleanup Utility. Simple C++ example.

2 minute read

﷽

Malware analysis: part 6. Shannon entropy. Simple python script.

8 minute read

﷽

Malware development: persistence - part 18. Windows Error Reporting. Simple C++ example.

3 minute read

﷽

APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 16. Cryptography Registry Keys. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 15. Internet Explorer. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 14. Event Viewer help link. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 13. Hijacking uninstall logic for application. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 12. Accessibility Features. Simple C++ example.

2 minute read

﷽

APT techniques: Access Token manipulation. Token theft. Simple C++ example.

7 minute read

﷽

Malware development: persistence - part 11. Powershell profile. Simple C++ example.

3 minute read

﷽

Malware AV/VM evasion - part 10: anti-debugging. NtGlobalFlag. Simple C++ example.

1 minute read

﷽

Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example.

4 minute read

﷽

Malware development tricks: parent PID spoofing. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 9. Default file extension hijacking. Simple C++ example.

2 minute read

﷽

Malware AV evasion - part 9. Encrypt base64 encoded payload via RC4. C++ example.

6 minute read

﷽

Malware AV evasion - part 8. Encode payload via Z85 algorithm. C++ example.

3 minute read

﷽

Malware development tricks. Run shellcode like a Lazarus Group. C++ example.

3 minute read

﷽

Malware development book. First version

1 minute read

﷽

Malware development tricks. Run shellcode via EnumChildWindows. C++ example.

2 minute read

﷽

Malware development tricks. Run shellcode via EnumDesktopsA. C++ example.

1 minute read

﷽

Malware development: persistence - part 8. Port monitors. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 7. Winlogon. Simple C++ example.

4 minute read

﷽

Malware AV evasion: part 7. Disable Windows Defender. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 5. AppInit_DLLs. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 4. Windows services. Simple C++ example.

5 minute read

﷽

Malware development: persistence - part 3. COM DLL hijack. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 2. Screensaver hijack. C++ example.

3 minute read

﷽

Malware development: persistence - part 1. Registry run keys. C++ example.

2 minute read

﷽

Malware development tricks. Download and inject logic. C++ example.

4 minute read

﷽

Conti ransomware source code investigation - part 2.

2 minute read

﷽

AV/VM engines evasion techniques - part 6. Simple C++ example.

4 minute read

﷽

Malware development tricks. Find kernel32.dll base: asm style. C++ example.

5 minute read

﷽

Conti ransomware source code investigation - part 1.

4 minute read

﷽

AV engines evasion techniques - part 5. Simple C++ example.

4 minute read

﷽

AV engines evasion techniques - part 4. Simple C++ example.

9 minute read

﷽

Process injection via FindWindow. Simple C++ example.

3 minute read

﷽

Windows API hooking part 2. Simple C++ example.

2 minute read

﷽

Malware analysis 4: Work with VirusTotal API v3. Create own python script.

7 minute read

﷽

Malware analysis 3: threat hunting via YARA. Process injection example.

2 minute read

﷽

Basic memory forensics with Volatility. Process injection example.

3 minute read

﷽

Process injection via RWX-memory hunting. Simple C++ example.

3 minute read

﷽

Process injection via KernelCallbackTable. Simple C++ malware example.

6 minute read

﷽

Code injection via memory sections and ZwQueueApcThread. Simple C++ malware example.

4 minute read

﷽

Code injection via ZwCreateSection. Simple C++ malware example.

4 minute read

﷽

AV engines evasion techniques - part 3. Simple C++ example.

7 minute read

﷽

Buffer overflow example. SLMail v.5.5

6 minute read

﷽

Code injection via memory sections. Simple C++ example.

5 minute read

﷽

Code injection via undocumented Native API functions. Simple C++ example.

2 minute read

﷽

Code injection via undocumented NtAllocateVirtualMemory. Simple C++ example.

2 minute read

﷽

DLL injection via undocumented NtCreateThreadEx. Simple C++ example.

4 minute read

﷽

Run shellcode via inline ASM. Simple C++ example.

1 minute read

﷽

Windows API hooking. Simple C++ example.

5 minute read

﷽

Code injection via windows Fibers. Simple C++ malware.

4 minute read

﷽

Classic DLL injection via SetWindowsHookEx. Simple C++ malware.

3 minute read

﷽

Code injection via thread hijacking. Simple C++ malware.

5 minute read

﷽

APC injection via alertable threads. Simple C++ malware.

5 minute read

﷽

APC injection via NtTestAlert. Simple C++ malware.

3 minute read

﷽

APC injection technique. Simple C++ malware.

5 minute read

﷽

Windows shellcoding - part 3. PE file format

6 minute read

﷽

Windows shellcoding - part 2. Find kernel32 address

5 minute read

﷽

Windows shellcoding - part 1. Simple example

6 minute read

﷽

Linux shellcoding - part 2. Reverse TCP shellcode

10 minute read

﷽

DLL hijacking with exported functions. Example: Microsoft Teams

7 minute read

﷽

Linux shellcoding. Examples

10 minute read

﷽

Malware analysis - part 2: My NASM tutorial.

18 minute read

﷽

Malware analysis - part 1: My intro to x86 assembly.

15 minute read

﷽

Find process ID by name and inject to it. Simple C++ example.

4 minute read

﷽

Classic DLL injection into the process. Simple C++ malware.

4 minute read

﷽

Classic code injection into the process. Simple C++ malware.

6 minute read

﷽

Simple C++ reverse shell for windows

7 minute read

﷽

Reverse shells

4 minute read

﷽

AV engines evasion for C++ simple malware - part 2

9 minute read

﷽

AV engines evasion for C++ simple malware

8 minute read

﷽

Welcome to my cybersecurity path

less than 1 minute read

﷽

Back to top ↑

red team

Malware development trick - part 36: Enumerate process modules. Simple C++ example.

3 minute read

﷽

Malware and cryptography 20: encrypt/decrypt payload via Skipjack. Simple C++ example.

13 minute read

﷽

Malware and cryptography 1: encrypt/decrypt payload via RC5. Simple C++ example.

9 minute read

﷽

Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 22. Windows Setup. Simple C++ example.

3 minute read

﷽

Malware development trick - part 34: Find PID via WTSEnumerateProcesses. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 18: encrypt/decrypt payload via modular multiplication-based block cipher. Simple C++ example.

8 minute read

﷽

Malware AV/VM evasion - part 17: bypass UAC via fodhelper.exe. Simple C++ example.

4 minute read

﷽

Malware development trick - part 33. Syscalls - part 2. Simple C++ example.

5 minute read

﷽

Malware development trick - part 32. Syscalls - part 1. Simple C++ example.

5 minute read

﷽

Malware development trick - part 31: Run shellcode via SetTimer. Simple C++ example.

3 minute read

﷽

Malware development trick - part 30: Find PID via NtGetNextProcess. Simple C++ example.

5 minute read

﷽

Malware development trick - part 29: Store binary data in registry. Simple C++ example.

7 minute read

﷽

Malware development trick - part 28: Dump lsass.exe. Simple C++ example.

4 minute read

﷽

Malware development trick - part 27: WinAPI LoadLibrary implementation. Simple C++ example.

2 minute read

﷽

Malware AV/VM evasion - part 16: WinAPI GetProcAddress implementation. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 15: WinAPI GetModuleHandle implementation. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.

21 minute read

﷽

Malware AV/VM evasion - part 13: encrypt/decrypt payload via Madryga. Simple C++ example.

6 minute read

﷽

Malware AV/VM evasion - part 12: encrypt/decrypt payload via TEA. Simple C++ example.

10 minute read

﷽

Malware AV/VM evasion - part 11: encrypt payload via DES. Simple C++ example.

10 minute read

﷽

Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.

3 minute read

﷽

Malware development tricks: part 26. Mutex. C++ example.

3 minute read

﷽

Malware development tricks: part 25. EnumerateLoadedModules. C++ example.

4 minute read

﷽

Malware development: persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example.

2 minute read

﷽

Malware development tricks: part 24. Listplanting. C++ example.

2 minute read

﷽

Malware development: persistence - part 19. Disk Cleanup Utility. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 18. Windows Error Reporting. Simple C++ example.

3 minute read

﷽

APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 16. Cryptography Registry Keys. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 15. Internet Explorer. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 14. Event Viewer help link. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 13. Hijacking uninstall logic for application. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 12. Accessibility Features. Simple C++ example.

2 minute read

﷽

APT techniques: Access Token manipulation. Token theft. Simple C++ example.

7 minute read

﷽

Malware development: persistence - part 11. Powershell profile. Simple C++ example.

3 minute read

﷽

Malware AV/VM evasion - part 10: anti-debugging. NtGlobalFlag. Simple C++ example.

1 minute read

﷽

Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example.

4 minute read

﷽

Malware development tricks: parent PID spoofing. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 9. Default file extension hijacking. Simple C++ example.

2 minute read

﷽

Malware AV evasion - part 9. Encrypt base64 encoded payload via RC4. C++ example.

6 minute read

﷽

Malware AV evasion - part 8. Encode payload via Z85 algorithm. C++ example.

3 minute read

﷽

Malware development tricks. Run shellcode like a Lazarus Group. C++ example.

3 minute read

﷽

Malware development book. First version

1 minute read

﷽

Malware development tricks. Run shellcode via EnumChildWindows. C++ example.

2 minute read

﷽

Malware development tricks. Run shellcode via EnumDesktopsA. C++ example.

1 minute read

﷽

Malware development: persistence - part 8. Port monitors. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 7. Winlogon. Simple C++ example.

4 minute read

﷽

Malware AV evasion: part 7. Disable Windows Defender. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 5. AppInit_DLLs. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 4. Windows services. Simple C++ example.

5 minute read

﷽

Malware development: persistence - part 3. COM DLL hijack. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 2. Screensaver hijack. C++ example.

3 minute read

﷽

Malware development: persistence - part 1. Registry run keys. C++ example.

2 minute read

﷽

Malware development tricks. Download and inject logic. C++ example.

4 minute read

﷽

Conti ransomware source code investigation - part 2.

2 minute read

﷽

AV/VM engines evasion techniques - part 6. Simple C++ example.

4 minute read

﷽

Malware development tricks. Find kernel32.dll base: asm style. C++ example.

5 minute read

﷽

Conti ransomware source code investigation - part 1.

4 minute read

﷽

AV engines evasion techniques - part 5. Simple C++ example.

4 minute read

﷽

AV engines evasion techniques - part 4. Simple C++ example.

9 minute read

﷽

Process injection via FindWindow. Simple C++ example.

3 minute read

﷽

Windows API hooking part 2. Simple C++ example.

2 minute read

﷽

Malware analysis 4: Work with VirusTotal API v3. Create own python script.

7 minute read

﷽

Malware analysis 3: threat hunting via YARA. Process injection example.

2 minute read

﷽

Basic memory forensics with Volatility. Process injection example.

3 minute read

﷽

Process injection via RWX-memory hunting. Simple C++ example.

3 minute read

﷽

Process injection via KernelCallbackTable. Simple C++ malware example.

6 minute read

﷽

Code injection via memory sections and ZwQueueApcThread. Simple C++ malware example.

4 minute read

﷽

Code injection via ZwCreateSection. Simple C++ malware example.

4 minute read

﷽

AV engines evasion techniques - part 3. Simple C++ example.

7 minute read

﷽

Buffer overflow example. SLMail v.5.5

6 minute read

﷽

Code injection via memory sections. Simple C++ example.

5 minute read

﷽

Code injection via undocumented Native API functions. Simple C++ example.

2 minute read

﷽

Code injection via undocumented NtAllocateVirtualMemory. Simple C++ example.

2 minute read

﷽

DLL injection via undocumented NtCreateThreadEx. Simple C++ example.

4 minute read

﷽

Run shellcode via inline ASM. Simple C++ example.

1 minute read

﷽

Windows API hooking. Simple C++ example.

5 minute read

﷽

Code injection via windows Fibers. Simple C++ malware.

4 minute read

﷽

Classic DLL injection via SetWindowsHookEx. Simple C++ malware.

3 minute read

﷽

Code injection via thread hijacking. Simple C++ malware.

5 minute read

﷽

APC injection via alertable threads. Simple C++ malware.

5 minute read

﷽

APC injection via NtTestAlert. Simple C++ malware.

3 minute read

﷽

APC injection technique. Simple C++ malware.

5 minute read

﷽

Pivoting - part 2. Proxychains. Metasploit. Practical example.

2 minute read

﷽

Pivoting - part 1. Practical example

3 minute read

﷽

Windows shellcoding - part 3. PE file format

6 minute read

﷽

Windows shellcoding - part 2. Find kernel32 address

5 minute read

﷽

Windows shellcoding - part 1. Simple example

6 minute read

﷽

Buffer overflow - part 1. Linux stack smashing

7 minute read

﷽

Linux shellcoding - part 2. Reverse TCP shellcode

10 minute read

﷽

Linux shellcoding. Examples

10 minute read

﷽

Classic code injection into the process. Simple C++ malware.

6 minute read

﷽

Simple C++ reverse shell for windows

7 minute read

﷽

Reverse shells

4 minute read

﷽

AV engines evasion for C++ simple malware - part 2

9 minute read

﷽

AV engines evasion for C++ simple malware

8 minute read

﷽

Back to top ↑

windows

Malware development trick - part 36: Enumerate process modules. Simple C++ example.

3 minute read

﷽

Malware and cryptography 20: encrypt/decrypt payload via Skipjack. Simple C++ example.

13 minute read

﷽

Malware and cryptography 1: encrypt/decrypt payload via RC5. Simple C++ example.

9 minute read

﷽

Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 22. Windows Setup. Simple C++ example.

3 minute read

﷽

Malware development trick - part 34: Find PID via WTSEnumerateProcesses. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 18: encrypt/decrypt payload via modular multiplication-based block cipher. Simple C++ example.

8 minute read

﷽

Malware AV/VM evasion - part 17: bypass UAC via fodhelper.exe. Simple C++ example.

4 minute read

﷽

Malware development trick - part 33. Syscalls - part 2. Simple C++ example.

5 minute read

﷽

Malware development trick - part 32. Syscalls - part 1. Simple C++ example.

5 minute read

﷽

Malware development trick - part 31: Run shellcode via SetTimer. Simple C++ example.

3 minute read

﷽

Malware development trick - part 30: Find PID via NtGetNextProcess. Simple C++ example.

5 minute read

﷽

Malware development trick - part 29: Store binary data in registry. Simple C++ example.

7 minute read

﷽

Malware development trick - part 28: Dump lsass.exe. Simple C++ example.

4 minute read

﷽

Malware development trick - part 27: WinAPI LoadLibrary implementation. Simple C++ example.

2 minute read

﷽

Malware AV/VM evasion - part 16: WinAPI GetProcAddress implementation. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 15: WinAPI GetModuleHandle implementation. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.

21 minute read

﷽

Malware AV/VM evasion - part 13: encrypt/decrypt payload via Madryga. Simple C++ example.

6 minute read

﷽

Malware AV/VM evasion - part 12: encrypt/decrypt payload via TEA. Simple C++ example.

10 minute read

﷽

Malware AV/VM evasion - part 11: encrypt payload via DES. Simple C++ example.

10 minute read

﷽

Malware analysis: part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware

5 minute read

﷽

Malware analysis: part 7. Yara rule example for CRC32. CRC32 in REvil ransomware

6 minute read

﷽

Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.

3 minute read

﷽

Malware development tricks: part 26. Mutex. C++ example.

3 minute read

﷽

Malware development tricks: part 25. EnumerateLoadedModules. C++ example.

4 minute read

﷽

Malware development: persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example.

2 minute read

﷽

Malware development tricks: part 24. Listplanting. C++ example.

2 minute read

﷽

Malware development: persistence - part 19. Disk Cleanup Utility. Simple C++ example.

2 minute read

﷽

Malware analysis: part 6. Shannon entropy. Simple python script.

8 minute read

﷽

Malware development: persistence - part 18. Windows Error Reporting. Simple C++ example.

3 minute read

﷽

APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 16. Cryptography Registry Keys. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 15. Internet Explorer. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 14. Event Viewer help link. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 13. Hijacking uninstall logic for application. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 12. Accessibility Features. Simple C++ example.

2 minute read

﷽

APT techniques: Access Token manipulation. Token theft. Simple C++ example.

7 minute read

﷽

Malware development: persistence - part 11. Powershell profile. Simple C++ example.

3 minute read

﷽

Malware AV/VM evasion - part 10: anti-debugging. NtGlobalFlag. Simple C++ example.

1 minute read

﷽

Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example.

4 minute read

﷽

Malware development tricks: parent PID spoofing. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 9. Default file extension hijacking. Simple C++ example.

2 minute read

﷽

Malware AV evasion - part 9. Encrypt base64 encoded payload via RC4. C++ example.

6 minute read

﷽

Malware AV evasion - part 8. Encode payload via Z85 algorithm. C++ example.

3 minute read

﷽

Malware development tricks. Run shellcode like a Lazarus Group. C++ example.

3 minute read

﷽

Malware development book. First version

1 minute read

﷽

Malware development tricks. Run shellcode via EnumChildWindows. C++ example.

2 minute read

﷽

Malware development tricks. Run shellcode via EnumDesktopsA. C++ example.

1 minute read

﷽

Malware development: persistence - part 8. Port monitors. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 7. Winlogon. Simple C++ example.

4 minute read

﷽

Malware AV evasion: part 7. Disable Windows Defender. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 5. AppInit_DLLs. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 4. Windows services. Simple C++ example.

5 minute read

﷽

Malware development: persistence - part 3. COM DLL hijack. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 2. Screensaver hijack. C++ example.

3 minute read

﷽

Malware development: persistence - part 1. Registry run keys. C++ example.

2 minute read

﷽

Malware development tricks. Download and inject logic. C++ example.

4 minute read

﷽

Conti ransomware source code investigation - part 2.

2 minute read

﷽

AV/VM engines evasion techniques - part 6. Simple C++ example.

4 minute read

﷽

Malware development tricks. Find kernel32.dll base: asm style. C++ example.

5 minute read

﷽

Conti ransomware source code investigation - part 1.

4 minute read

﷽

AV engines evasion techniques - part 5. Simple C++ example.

4 minute read

﷽

AV engines evasion techniques - part 4. Simple C++ example.

9 minute read

﷽

Process injection via FindWindow. Simple C++ example.

3 minute read

﷽

Windows API hooking part 2. Simple C++ example.

2 minute read

﷽

Process injection via KernelCallbackTable. Simple C++ malware example.

6 minute read

﷽

Code injection via memory sections and ZwQueueApcThread. Simple C++ malware example.

4 minute read

﷽

Code injection via ZwCreateSection. Simple C++ malware example.

4 minute read

﷽

AV engines evasion techniques - part 3. Simple C++ example.

7 minute read

﷽

Code injection via memory sections. Simple C++ example.

5 minute read

﷽

Windows API hooking. Simple C++ example.

5 minute read

﷽

Code injection via windows Fibers. Simple C++ malware.

4 minute read

﷽

Classic DLL injection via SetWindowsHookEx. Simple C++ malware.

3 minute read

﷽

Code injection via thread hijacking. Simple C++ malware.

5 minute read

﷽

APC injection via alertable threads. Simple C++ malware.

5 minute read

﷽

APC injection via NtTestAlert. Simple C++ malware.

3 minute read

﷽

APC injection technique. Simple C++ malware.

5 minute read

﷽

Windows shellcoding - part 3. PE file format

6 minute read

﷽

Windows shellcoding - part 2. Find kernel32 address

5 minute read

﷽

Windows shellcoding - part 1. Simple example

6 minute read

﷽

DLL hijacking with exported functions. Example: Microsoft Teams

7 minute read

﷽

Find process ID by name and inject to it. Simple C++ example.

4 minute read

﷽

DLL hijacking in Windows. Simple C example.

3 minute read

﷽

Classic DLL injection into the process. Simple C++ malware.

4 minute read

﷽

Classic code injection into the process. Simple C++ malware.

6 minute read

﷽

Simple C++ reverse shell for windows

7 minute read

﷽

Reverse shells

4 minute read

﷽

AV engines evasion for C++ simple malware - part 2

9 minute read

﷽

AV engines evasion for C++ simple malware

8 minute read

﷽

Back to top ↑

win32api

Malware development trick - part 36: Enumerate process modules. Simple C++ example.

3 minute read

﷽

Malware and cryptography 20: encrypt/decrypt payload via Skipjack. Simple C++ example.

13 minute read

﷽

Malware and cryptography 1: encrypt/decrypt payload via RC5. Simple C++ example.

9 minute read

﷽

Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 22. Windows Setup. Simple C++ example.

3 minute read

﷽

Malware development trick - part 34: Find PID via WTSEnumerateProcesses. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 18: encrypt/decrypt payload via modular multiplication-based block cipher. Simple C++ example.

8 minute read

﷽

Malware AV/VM evasion - part 17: bypass UAC via fodhelper.exe. Simple C++ example.

4 minute read

﷽

Malware development trick - part 33. Syscalls - part 2. Simple C++ example.

5 minute read

﷽

Malware development trick - part 32. Syscalls - part 1. Simple C++ example.

5 minute read

﷽

Malware development trick - part 31: Run shellcode via SetTimer. Simple C++ example.

3 minute read

﷽

Malware development trick - part 30: Find PID via NtGetNextProcess. Simple C++ example.

5 minute read

﷽

Malware development trick - part 29: Store binary data in registry. Simple C++ example.

7 minute read

﷽

Malware development trick - part 28: Dump lsass.exe. Simple C++ example.

4 minute read

﷽

Malware development trick - part 27: WinAPI LoadLibrary implementation. Simple C++ example.

2 minute read

﷽

Malware AV/VM evasion - part 16: WinAPI GetProcAddress implementation. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 15: WinAPI GetModuleHandle implementation. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.

21 minute read

﷽

Malware AV/VM evasion - part 13: encrypt/decrypt payload via Madryga. Simple C++ example.

6 minute read

﷽

Malware AV/VM evasion - part 12: encrypt/decrypt payload via TEA. Simple C++ example.

10 minute read

﷽

Malware AV/VM evasion - part 11: encrypt payload via DES. Simple C++ example.

10 minute read

﷽

Malware analysis: part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware

5 minute read

﷽

Malware analysis: part 7. Yara rule example for CRC32. CRC32 in REvil ransomware

6 minute read

﷽

Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.

3 minute read

﷽

Malware development tricks: part 26. Mutex. C++ example.

3 minute read

﷽

Malware development tricks: part 25. EnumerateLoadedModules. C++ example.

4 minute read

﷽

Malware development: persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example.

2 minute read

﷽

Malware development tricks: part 24. Listplanting. C++ example.

2 minute read

﷽

Malware development: persistence - part 19. Disk Cleanup Utility. Simple C++ example.

2 minute read

﷽

Malware analysis: part 6. Shannon entropy. Simple python script.

8 minute read

﷽

Malware development: persistence - part 18. Windows Error Reporting. Simple C++ example.

3 minute read

﷽

APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 16. Cryptography Registry Keys. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 15. Internet Explorer. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 14. Event Viewer help link. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 13. Hijacking uninstall logic for application. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 12. Accessibility Features. Simple C++ example.

2 minute read

﷽

APT techniques: Access Token manipulation. Token theft. Simple C++ example.

7 minute read

﷽

Malware development: persistence - part 11. Powershell profile. Simple C++ example.

3 minute read

﷽

Malware AV/VM evasion - part 10: anti-debugging. NtGlobalFlag. Simple C++ example.

1 minute read

﷽

Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example.

4 minute read

﷽

Malware development tricks: parent PID spoofing. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 9. Default file extension hijacking. Simple C++ example.

2 minute read

﷽

Malware AV evasion - part 9. Encrypt base64 encoded payload via RC4. C++ example.

6 minute read

﷽

Malware AV evasion - part 8. Encode payload via Z85 algorithm. C++ example.

3 minute read

﷽

Malware development tricks. Run shellcode like a Lazarus Group. C++ example.

3 minute read

﷽

Malware development book. First version

1 minute read

﷽

Malware development tricks. Run shellcode via EnumChildWindows. C++ example.

2 minute read

﷽

Malware development tricks. Run shellcode via EnumDesktopsA. C++ example.

1 minute read

﷽

Malware development: persistence - part 8. Port monitors. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 7. Winlogon. Simple C++ example.

4 minute read

﷽

Malware AV evasion: part 7. Disable Windows Defender. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 5. AppInit_DLLs. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 4. Windows services. Simple C++ example.

5 minute read

﷽

Malware development: persistence - part 3. COM DLL hijack. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 2. Screensaver hijack. C++ example.

3 minute read

﷽

Malware development: persistence - part 1. Registry run keys. C++ example.

2 minute read

﷽

Malware development tricks. Download and inject logic. C++ example.

4 minute read

﷽

Malware development tricks. Find kernel32.dll base: asm style. C++ example.

5 minute read

﷽

Back to top ↑

injection

Malware development tricks: part 26. Mutex. C++ example.

3 minute read

﷽

Malware development tricks: part 25. EnumerateLoadedModules. C++ example.

4 minute read

﷽

Malware development tricks: part 24. Listplanting. C++ example.

2 minute read

﷽

Malware development tricks: parent PID spoofing. Simple C++ example.

4 minute read

﷽

Malware development tricks. Run shellcode like a Lazarus Group. C++ example.

3 minute read

﷽

Malware development tricks. Run shellcode via EnumChildWindows. C++ example.

2 minute read

﷽

Malware development tricks. Run shellcode via EnumDesktopsA. C++ example.

1 minute read

﷽

Malware development tricks. Download and inject logic. C++ example.

4 minute read

﷽

AV/VM engines evasion techniques - part 6. Simple C++ example.

4 minute read

﷽

Malware development tricks. Find kernel32.dll base: asm style. C++ example.

5 minute read

﷽

AV engines evasion techniques - part 5. Simple C++ example.

4 minute read

﷽

AV engines evasion techniques - part 4. Simple C++ example.

9 minute read

﷽

Process injection via FindWindow. Simple C++ example.

3 minute read

﷽

Process injection via RWX-memory hunting. Simple C++ example.

3 minute read

﷽

Process injection via KernelCallbackTable. Simple C++ malware example.

6 minute read

﷽

Code injection via memory sections and ZwQueueApcThread. Simple C++ malware example.

4 minute read

﷽

Code injection via ZwCreateSection. Simple C++ malware example.

4 minute read

﷽

AV engines evasion techniques - part 3. Simple C++ example.

7 minute read

﷽

Buffer overflow example. SLMail v.5.5

6 minute read

﷽

Code injection via memory sections. Simple C++ example.

5 minute read

﷽

Code injection via undocumented Native API functions. Simple C++ example.

2 minute read

﷽

Code injection via undocumented NtAllocateVirtualMemory. Simple C++ example.

2 minute read

﷽

DLL injection via undocumented NtCreateThreadEx. Simple C++ example.

4 minute read

﷽

Run shellcode via inline ASM. Simple C++ example.

1 minute read

﷽

Back to top ↑

persistence

Malware development: persistence - part 22. Windows Setup. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 19. Disk Cleanup Utility. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 18. Windows Error Reporting. Simple C++ example.

3 minute read

﷽

APT techniques: Token theft via UpdateProcThreadAttribute. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 16. Cryptography Registry Keys. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 15. Internet Explorer. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 14. Event Viewer help link. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 13. Hijacking uninstall logic for application. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 12. Accessibility Features. Simple C++ example.

2 minute read

﷽

APT techniques: Access Token manipulation. Token theft. Simple C++ example.

7 minute read

﷽

Malware development: persistence - part 11. Powershell profile. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 10. Using Image File Execution Options. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 9. Default file extension hijacking. Simple C++ example.

2 minute read

﷽

Malware development book. First version

1 minute read

﷽

Malware development: persistence - part 8. Port monitors. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 7. Winlogon. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 6. Windows netsh helper DLL. Simple C++ example.

2 minute read

﷽

Malware development: persistence - part 5. AppInit_DLLs. Simple C++ example.

3 minute read

﷽

Malware development: persistence - part 4. Windows services. Simple C++ example.

5 minute read

﷽

Malware development: persistence - part 3. COM DLL hijack. Simple C++ example.

4 minute read

﷽

Malware development: persistence - part 2. Screensaver hijack. C++ example.

3 minute read

﷽

Malware development: persistence - part 1. Registry run keys. C++ example.

2 minute read

﷽

Back to top ↑

evasion

Malware and cryptography 20: encrypt/decrypt payload via Skipjack. Simple C++ example.

13 minute read

﷽

Malware and cryptography 1: encrypt/decrypt payload via RC5. Simple C++ example.

9 minute read

﷽

Malware AV/VM evasion - part 18: encrypt/decrypt payload via modular multiplication-based block cipher. Simple C++ example.

8 minute read

﷽

Malware AV/VM evasion - part 17: bypass UAC via fodhelper.exe. Simple C++ example.

4 minute read

﷽

Malware development trick - part 28: Dump lsass.exe. Simple C++ example.

4 minute read

﷽

Malware development trick - part 27: WinAPI LoadLibrary implementation. Simple C++ example.

2 minute read

﷽

Malware AV/VM evasion - part 16: WinAPI GetProcAddress implementation. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 15: WinAPI GetModuleHandle implementation. Simple C++ example.

5 minute read

﷽

Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.

21 minute read

﷽

Malware AV/VM evasion - part 13: encrypt/decrypt payload via Madryga. Simple C++ example.

6 minute read

﷽

Malware AV/VM evasion - part 12: encrypt/decrypt payload via TEA. Simple C++ example.

10 minute read

﷽

Malware AV/VM evasion - part 11: encrypt payload via DES. Simple C++ example.

10 minute read

﷽

Malware AV/VM evasion - part 10: anti-debugging. NtGlobalFlag. Simple C++ example.

1 minute read

﷽

Malware AV evasion - part 9. Encrypt base64 encoded payload via RC4. C++ example.

6 minute read

﷽

Malware AV evasion - part 8. Encode payload via Z85 algorithm. C++ example.

3 minute read

﷽

Malware AV evasion: part 7. Disable Windows Defender. Simple C++ example.

4 minute read

﷽

Conti ransomware source code investigation - part 2.

2 minute read

﷽

AV/VM engines evasion techniques - part 6. Simple C++ example.

4 minute read

﷽

Conti ransomware source code investigation - part 1.

4 minute read

﷽

AV engines evasion techniques - part 5. Simple C++ example.

4 minute read

﷽

Back to top ↑

asm

Run shellcode via inline ASM. Simple C++ example.

1 minute read

﷽

Windows shellcoding - part 3. PE file format

6 minute read

﷽

Windows shellcoding - part 2. Find kernel32 address

5 minute read

﷽

Windows shellcoding - part 1. Simple example

6 minute read

﷽

Buffer overflow - part 1. Linux stack smashing

7 minute read

﷽

Linux shellcoding - part 2. Reverse TCP shellcode

10 minute read

﷽

Linux shellcoding. Examples

10 minute read

﷽

Malware analysis - part 2: My NASM tutorial.

18 minute read

﷽

Malware analysis - part 1: My intro to x86 assembly.

15 minute read

﷽

Back to top ↑

code injection

Process injection via KernelCallbackTable. Simple C++ malware example.

6 minute read

﷽

Code injection via memory sections and ZwQueueApcThread. Simple C++ malware example.

4 minute read

﷽

Code injection via ZwCreateSection. Simple C++ malware example.

4 minute read

﷽

Buffer overflow example. SLMail v.5.5

6 minute read

﷽

Code injection via memory sections. Simple C++ example.

5 minute read

﷽

Code injection via undocumented Native API functions. Simple C++ example.

2 minute read

﷽

Code injection via undocumented NtAllocateVirtualMemory. Simple C++ example.

2 minute read

﷽

Code injection via windows Fibers. Simple C++ malware.

4 minute read

﷽

Code injection via thread hijacking. Simple C++ malware.

5 minute read

﷽

Back to top ↑

x86

Windows shellcoding - part 3. PE file format

6 minute read

﷽

Windows shellcoding - part 2. Find kernel32 address

5 minute read

﷽

Windows shellcoding - part 1. Simple example

6 minute read

﷽

Buffer overflow - part 1. Linux stack smashing

7 minute read

﷽

Linux shellcoding - part 2. Reverse TCP shellcode

10 minute read

﷽

Linux shellcoding. Examples

10 minute read

﷽

Malware analysis - part 2: My NASM tutorial.

18 minute read

﷽

Malware analysis - part 1: My intro to x86 assembly.

15 minute read

﷽

Back to top ↑

blue team

Malware development trick - part 36: Enumerate process modules. Simple C++ example.

3 minute read

﷽

Malware analysis: part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware

5 minute read

﷽

Malware analysis: part 7. Yara rule example for CRC32. CRC32 in REvil ransomware

6 minute read

﷽

Malware analysis: part 6. Shannon entropy. Simple python script.

8 minute read

﷽

Malware analysis 4: Work with VirusTotal API v3. Create own python script.

7 minute read

﷽

Malware analysis 3: threat hunting via YARA. Process injection example.

2 minute read

﷽

Basic memory forensics with Volatility. Process injection example.

3 minute read

﷽

Malware analysis - part 2: My NASM tutorial.

18 minute read

﷽

Back to top ↑

pentest

Pivoting - part 2. Proxychains. Metasploit. Practical example.

2 minute read

﷽

Pivoting - part 1. Practical example

3 minute read

﷽

Classic code injection into the process. Simple C++ malware.

6 minute read

﷽

Simple C++ reverse shell for windows

7 minute read

﷽

Reverse shells

4 minute read

﷽

Welcome to my cybersecurity path

less than 1 minute read

﷽

Back to top ↑

analysis

Malware analysis: part 8. Yara rule example for MurmurHash2. MurmurHash2 in Conti ransomware

5 minute read

﷽

Malware analysis: part 7. Yara rule example for CRC32. CRC32 in REvil ransomware

6 minute read

﷽

Malware analysis: part 6. Shannon entropy. Simple python script.

8 minute read

﷽

Malware analysis 4: Work with VirusTotal API v3. Create own python script.

7 minute read

﷽

Malware analysis 3: threat hunting via YARA. Process injection example.

2 minute read

﷽

Back to top ↑

dll injection

DLL injection via undocumented NtCreateThreadEx. Simple C++ example.

4 minute read

﷽

Classic DLL injection via SetWindowsHookEx. Simple C++ malware.

3 minute read

﷽

Classic DLL injection into the process. Simple C++ malware.

4 minute read

﷽

Back to top ↑

APC injection

APC injection via alertable threads. Simple C++ malware.

5 minute read

﷽

APC injection via NtTestAlert. Simple C++ malware.

3 minute read

﷽

APC injection technique. Simple C++ malware.

5 minute read

﷽

Back to top ↑

dllhijack

DLL hijacking with exported functions. Example: Microsoft Teams

7 minute read

﷽

DLL hijacking in Windows. Simple C example.

3 minute read

﷽

Back to top ↑

privesc

DLL hijacking with exported functions. Example: Microsoft Teams

7 minute read

﷽

DLL hijacking in Windows. Simple C example.

3 minute read

﷽

Back to top ↑

pivoting

Pivoting - part 2. Proxychains. Metasploit. Practical example.

2 minute read

﷽

Pivoting - part 1. Practical example

3 minute read

﷽

Back to top ↑

networking

Pivoting - part 2. Proxychains. Metasploit. Practical example.

2 minute read

﷽

Pivoting - part 1. Practical example

3 minute read

﷽

Back to top ↑

api hooking

Windows API hooking part 2. Simple C++ example.

2 minute read

﷽

Windows API hooking. Simple C++ example.

5 minute read

﷽

Back to top ↑

ransomware

Conti ransomware source code investigation - part 2.

2 minute read

﷽

Conti ransomware source code investigation - part 1.

4 minute read

﷽

Back to top ↑

conti

Conti ransomware source code investigation - part 2.

2 minute read

﷽

Conti ransomware source code investigation - part 1.

4 minute read

﷽

Back to top ↑

redteam

Welcome to my cybersecurity path

less than 1 minute read

﷽

Back to top ↑

pwn

Buffer overflow - part 1. Linux stack smashing

7 minute read

﷽

Back to top ↑

exploit

Buffer overflow - part 1. Linux stack smashing

7 minute read

﷽

Back to top ↑

winapi

Process injection via RWX-memory hunting. Simple C++ example.

3 minute read

﷽

Back to top ↑

forensics

Basic memory forensics with Volatility. Process injection example.

3 minute read

﷽

Back to top ↑

volatility

Basic memory forensics with Volatility. Process injection example.

3 minute read

﷽

Back to top ↑

yara

Malware analysis 3: threat hunting via YARA. Process injection example.

2 minute read

﷽

Back to top ↑

virustotal

Malware analysis 4: Work with VirusTotal API v3. Create own python script.

7 minute read

﷽

Back to top ↑