#MalwareDevelopment

2026-03-07

If the Kardashians launched their own framework it would be Kommand and Kontrol (K2).

The Momager (Kris.exe or Kris.sh): The primary C2 listener.
The Glow Up: Privesc
Keeping Up: Lateral movement

#C2Framework #RedTeaming #PostExploitation #MalwareDevelopment #Infosec #CyberSecurity #EDRBypass #ActiveDirectory #PenTesting #ThreatHunting #MITREATTACK #APTHunting #Shellcode #ZeroDay #Persistence #Exfiltration #BlueTeam #PurpleTeaming #kardashians

2026-03-04

I'm giving a remote presentation to the BSD masochistsWusers in New York City in an hour about weird code injection techniques on #FreeBSD

nycbug.org/media/March2026NYCB

Jitsi meeting link: jitsi.sdf.org/NYCBUG-2026-03-0

YouTube stream: youtube.com/watch?v=QfGdMrmy0j

#infosec #HardenedBSD #MalwareDevelopment #MalDev

Kevin Karhan :verified:kkarhan@infosec.space
2025-05-30

@mrgrumpymonkey Obviously I'm not into #MalwareDevelopment (even tho I'd not consider a "#MigrationWare" that forcibly replaces #Windows with #Linux malicious per se, it's certainly violating #consent and thus is #malware!) simply because that isn't being appreciated in my jurisdiction and I do kinda need a clean record to be employable in the only field I'm decent in.

But hey, someone else can do that...

#sarcasm

Lenin alevski 🕵️💻alevsk@infosec.exchange
2025-05-28

New Open-Source Tool Spotlight 🚨🚨🚨

ScareCrow: A framework for crafting payloads designed to bypass Endpoint Detection and Response (EDR). It flushes EDR hooks in DLLs using methods like `VirtualProtect` & indirect syscalls, ensuring stealth execution. Written in Go, it even uses obfuscation tools like Garble. #CyberSecurity #MalwareDevelopment

🔗 Project link on #GitHub 👉 github.com/Tylous/ScareCrow

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

2025-02-16

Hiding Shellcode in Image Files with Python and C/C++ -> Now Even Stealthier Without WinAPIs

Check it out here:
🔗 GitHub Repository:
👉 github.com/WafflesExploits/hid
🔗 Full Guide Explaining the Code:
👉 wafflesexploits.github.io/post

Happy hacking! 😀

#Cybersecurity #MalwareDevelopment #Steganography #RedTeam
#EDREvasion #Python #C #Hacking #PayloadHiding #PenetrationTesting

Who Let The Dogs Out 🐾ashed@mastodon.ml
2023-11-05

**Development and persistence of malware in the system-3**

This is a series of articles about the development and persistence of malware in the system:

(attack.mitre.org/tactics/TA000)
🛡For educational purposes only!

🦠Part 13 (cocomelonc.github.io/malware/2) (Hijacking uninstall logic for application) +📔 source code
(github.com/cocomelonc/2022-10-)
🦠Part 14 (cocomelonc.github.io/malware/2) (Event Viewer help link ) +📔 source code
(github.com/cocomelonc/2022-10-)
🦠Part 15 (cocomelonc.github.io/malware/2) (Internet Explorer ) +📔 source code
(github.com/cocomelonc/2022-10-)
🦠Part 16 (cocomelonc.github.io/malware/2) (PowerShell profile) +📔 source code

💥Before reading, I advise you to familiarize yourself with the persistence tactics from MITRE ATT&CK

#malwareDevelopment #CPP #PS #Hijack #APT29

Who Let The Dogs Out 🐾ashed@mastodon.ml
2023-11-05

**Development and persistence of malware in the system-2**

This is a series of articles about the development and persistence of malware in the system:

(attack.mitre.org/tactics/TA000)
🛡For educational purposes only!

🦠Part 7 (cocomelonc.github.io/tutorial/) (Winlogon) +📔 source code
(github.com/cocomelonc/2022-06-)
🦠Part 8 (cocomelonc.github.io/tutorial/) (Port monitors) +📔 source code
(github.com/cocomelonc/2022-06-)
🦠Part 9 (cocomelonc.github.io/malware/2) (Default file extension hijacking) +📔 source code
(github.com/cocomelonc/2022-08-)
🦠Part 10 (cocomelonc.github.io/malware/2) (Using Image File Execution Options) +📔 source code
(github.com/cocomelonc/2022-09-)
🦠Part 11 (cocomelonc.github.io/malware/2) (PowerShell profile) +📔 source code
(github.com/cocomelonc/2022-09-)
🦠Part 12 (cocomelonc.github.io/malware/2) (Accessibility Features) +📔 source code
(github.com/cocomelonc/2022-09-)

💥Before reading, I advise you to familiarize yourself with the persistence tactics from MITRE ATT&CK

#malwareDevelopment #CPP #PS #Hijack #APT29

Who Let The Dogs Out 🐾ashed@mastodon.ml
2023-11-05

**Development and persistence of malware in the system-1**

This is a series of articles about the development and persistence of malware in the system:

(attack.mitre.org/tactics/TA000)
🛡For educational purposes only!

🦠Part 1 (cocomelonc.github.io/tutorial/) (Registry run keys) +📔 source code
(github.com/cocomelonc/2022-04-)
🦠Part 2 (cocomelonc.github.io/tutorial/) (Screensaver hijack) +📔 source code
(github.com/cocomelonc/2022-04-)
🦠Part 3 (cocomelonc.github.io/tutorial/) (COM DLL hijack) +📔 source code
(github.com/cocomelonc/2022-05-)
🦠Part 4 (cocomelonc.github.io/tutorial/) (Windows services) +📔 source code
(github.com/cocomelonc/2022-05-)
🦠Part 5 (cocomelonc.github.io/tutorial/) (AppInit_DLLs) +📔 source code
(github.com/cocomelonc/2022-05-)
🦠Part 6 (cocomelonc.github.io/tutorial/) (Windows netsh helper DLL) +📔 source code
(github.com/cocomelonc/2022-05-)

💥Before reading, I advise you to familiarize yourself with the persistence tactics from MITRE ATT&CK

#malwareDevelopment #CPP #PS #Hijack #APT29

2023-08-25

An excellent, practical in-depth explanation of Hell’s Gate technique:

labs.en1gma.co/malwaredevelopm

The direct syscalls provided by this method were relatively easy to turn into indirect ones by borrowing some code here:

github.com/VirtualAlllocEx/DEF

#cybersecurity #malwaredevelopment #redteam

2023-07-03

Currently looking to hone my Malware Development skills. Anyone have strong feelings on Sektor7¹ versus MalDevAcademy²? I'm aware it's unlikely many folks have taken both but hoping someone can steer me.

_______
¹ institute.sektor7.net/
² maldevacademy.com/

#redteam #training #malware #malwaredevelopment

2022-12-13

Been enjoying taking the Sektor7 malware development course (not sure if they’re on mastodon).

For those getting into malware analysis who aren't fans of the "go learn C and build a hello world program" track, this course might pique your interest since it's deliberately creating malware.

Particularly nice to learn first hand where payloads can get stored, how cryptography actually gets used, and then extrapolate how to detect those things.

This blog is a good read in general, and does a good job explaining some of what one can learn in the course: assume-breach.medium.com/home-

#malwareanalysis #malware #malwaredevelopment

Course is here (note I’m not affiliated with Sektor7 and this is not an ad lol) institute.sektor7.net/red-team

2022-11-22

I've been running around like a crazy person recently but this #golang malware dev presentation needs to join my question above.

"Offensive Golang Bonanza" by @awgh youtu.be/oCdaOLmKu6s

Sorry to anyone who isn't as interested in Go as I am. Please feel free to add other presentations because I will definitely watch them.

#malwaredevelopment #hacktheplanet
