Hey, it’s been a busy month for me and I was not able to find time to write the final part of the series on Malware Development. But I have been receiving too many DMs on my Twitter account lately asking me to publish the final part. So here we are. If you are reading this blog, I am […]
Recap: In the previous post, we wrote a simple CMD Reverse Shell over TCP. However, in a real-life scenario, things would be quite different. In this post, we will focus on Evading Antivirus and cover the following topics: Creating a Simulated Environment using Windows Active Directory, DNS, Proxy and Firewall. Writing C/C++ code for […]
The Prologue: This is my reposting of the blog series I wrote at ScriptDotSh. If you haven’t watched the videos yet, here are my links to both of the antivirus evasions I performed: 1. Windows Cloud ML Defender Evasion 2. Kaspersky AV Evasion. Besides the above two, I was also able to evade the Symantec […]
The Scope: Recently, we conducted a red team assessment for a large enterprise client where the allowed scenarios were to either use the client’s hardened laptop or to try and connect our own laptop to the network (though they did have a Network Access Control system in place). This blog post lists out […]
Prologue: In the previous blog post, we reverse engineered a binary and extracted the password from within it. That binary, however, contained a plaintext password. This was a good start for beginners, but you won’t really find such binaries in today’s world. In real life, passwords are mostly obfuscated or encrypted. Most of the […]
Prologue: In the previous blog here, we reverse engineered a simple binary containing a plaintext password on Linux with the help of the GNU Debugger (GDB). In this blog, however, we will use the same source code for the binary but compile and debug it on Windows. Reverse engineering tools on Windows are highly different from […]
Prologue: The main focus of this blog is to give beginners a push start into the field of reverse engineering. Since this is the age of x64, I have skipped the x86 architecture and will focus solely on x64 assembly. However, all the examples that will be written in C++ can […]
Welcome to part 4 of Malware Development. In the previous parts (1, 2-1, 2-2 and 3), we created a binary which can listen for commands from our botnet server. We also wrote the C2 server in Python 3, which can handle multiple connections via multithreading and send commands to all of them. In this […]
In the previous parts (1, 2-1 and 2-2) of this series, we created a binary that can connect to a netcat listener and parse the commands sent through it. However, netcat is not an ideal choice for a Botnet Server, and in this post we will be writing a full-fledged Python 3 Botnet Server that sends commands to our Bot […]
In the previous parts of this blog series, I introduced the concept of writing fully undetectable malware and of writing a client-side socket using the Windows API. In this blog, we are going to parse the reply received from the netcat server and send back a reply indicating whether or not the command was parsed. […]