Simple Trick: Code behavior detected by Anti-virus and #Bypassing Some AVs via Sleep/timer trick in C#
Video: https://www.youtube.com/watch?v=hmzKun6eFh8
#penesting #redteaming #bypassav #evasion #inmemory #redteam #pentest
Two C# methods, tested on Win 11 [v22H2] with the latest updates.
Simple #Technique to load Assembly/Bytes into a local process (#inmemory) via C# #Delegation + #Native #APIs and #Bypassing anti-viruses ;). Some parts of the code were changed via [D]elegate techniques, which I called [Technique ;D], to change some #behavior of the code (and also the source code). The method is not really new, but the C# code is a little bit ;D [I have used this since 2022]: changing RWX to X and after 2 min to RX by "NativePayload_PE1.cs", or changing RWX to X only by "NativePayload_PE2.cs"
and
some anti-virus companies say "COME-ON", like Kaspersky ;D
note: as a #pentester you really need to change your own code sometimes very fast; this code was changed and again worked very well, and as a #securityresearcher it is really fun to always find new methods/code to bypass AVs ;D
article => https://lnkd.in/e4PPJe7R
source code => https://lnkd.in/eZEEhfDY
#bypass #bypassav #redteaming #pentesting #blueteaming #csharp #offensivesecurity #offensive
Two C# Methods vs "Kaspersky cloud security v21.3"
now tested against Kaspersky with the latest update (22/1/2023), and it was bypassed very well
#bypass #bypassav #redteaming #pentesting #blueteaming #csharp #offensivesecurity #offensive #kaspersky
NativePayload_PE1: injecting Meterpreter payload bytes into a local process via the Delegation technique + in-memory, with a delay changing RWX to X or RX (or both); a simple technique to bypass some anti-viruses
Note: tested on WIN10 + WinDefender [update 2023/1/10]
https://github.com/DamonMohammadbagher/NativePayload_PE1
#technique #inmemory #delegation #native #apis #Bypassing #behavior #redteam #pentesting
two methods for #Injecting code into a local process and running it in-memory without making any new process, and #bypassing #Antiviruses ...
my new #C2 server web-browser edition (for test only) with two (old but still useful) techniques for running #Assembly #bytes #inmemory
and I made the network C# core code for this new C# C2 server [web-browser edition] via #AIChat + search on you.com. This site is awesome; all my research is done only on this site, and I really do not use Google.com anymore after this "you.com" search engine + AI and #AI Chat etc. It helps with fast research, and I made the C2 server much faster than before via you.com; all things are faster and better, but sometimes the code is not good or has a bug/error, but it's ok ;D I can handle that.
as you can see, "runmem" and "runmem2" are two internal commands for my C2, and they show the two methods by which my Assembly code is running in-memory (downloaded from the address 192.168.56.102/payload.txt as asm-bytes in text format and run in memory via the C2 server-side code [NativePayload_ServerC2.exe]), and Windows Defender was bypassed very well. These methods are not new but still useful against some AVs ;D
related video => https://infosec.exchange/@DamonMohammadbagher/109697761820485786
I will talk about making a C2 server and these codes in one chapter of my new #ebook...
#redteam #pentesting
#offensivesecurity #ChatGPT #csharp #pentesting #redteaming
as I said years ago, C# #programming and #csharp #Offensive code are really good for #bypassing #Antiviruses and #EDRs; modern #malwares will also use C# code, because antivirus companies still focus on C/C++ code more than other code like C#. C# in-memory attacks were also a really successful experience against anti-viruses (those days, even these days ;D). Now we see a lot of #pentesting courses via C# programming and also a lot of #redteaming C# code, offensive C# code and courses, because pentesters and red-teamers really know what they can do with C# in Win 7, 10, 11 etc., so this will continue
But some "beginner" pentesters/red-teamers think C# is not useful for making offensive code, which is a "wrong mindset"
I can explain why C# offensive programming is really useful and good for pentesters/red-teamers etc., for example how you can use Windows #API programming to #bypass AVs/EDRs, how you can use .NET features for compiling code in-memory for bypassing AVs, why C# code is still not a top priority for detection by AVs, and a lot of #methods and #techniques which are #unique to .NET and C# and which you do not have in C/C++ very simply, and ...
But for explaining these C#.NET features "step-by-step with details" I use "ChatGPT" to explain it much better for you.
so I + "ChatGPT" made our first video together for you all to "explain technical details" of why C# is one of the top languages for #offensive programming .... ;D👇
those cyber security guys who call themselves #pentester or #Redteamer or #SecurityResearcher "just because" they are in university (learning something as [basics ;D more often] or academic things or out-of-date things ;D) and who "did not have any experience" in cyber security fields (even 1 year), and some of them did not even have any good/unique/new cyber security research or tools/code (shared to the public before).
and yeah, we call them beginner "geniuses" in cyber security lol
Vs
those cyber security guys who have at least 3-5 years of experience learning real/new/unique things in these fields like #penetrationtesting or #redteaming or #securityresearch.
believe me, your academic things are "Bullshit" and your instructors do not have updated content; they don't even have a good viewpoint on cyber security fields like penetration testing or ...; more often they don't have any experience working with offensive tools like modern C2 servers, they don't know how you can write offensive code like a #C2 server/agent (and why you should do that), or they don't know how you can write offensive code for bypassing #avs or #EDRs or #bypassing other things ... you don't know about these things or a lot of other things which you should learn outside of university "by yourself".
you can learn these things from #infosec #communities (by reading articles or learning from courses shared publicly or privately by #SecurityResearchers and #Pentesters or #redteamers or #blueteamers), and you need at least 2-3 years of experience to learn these new things.
Some guys think if you know all the tools in Kali Linux then you can call yourself a #Pentester or Red-teamer, which is not true, "geniuses".
Penetration testing is not about tools, it's about the background "concepts" of tools, omfg "remember this". (it's about the logic behind tools)
#Stealing passwords from #infosec #Mastodon – without #bypassing #CSP
https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
#Bypassing Anti-Viruses with Thread Injection Technique + C# Delegate & ETW (#pentesting #redteaming)
#ISREALI #PEGASUS #SPYWARE: #Saudia_Arabia #IMPLICATIONS | Memory Lane
Pegasus spyware is capable of #bypassing your phone's #security and gaining complete #access to your device - including emails, messages, #GPS_location, photos, video, and your phone's #microphone.
Disclaimer: http://DavidVTV.com and/or its owners [http://JustBlameWayne.com] are not affiliates of this provider or the referenced image used. This is NOT an endorsement OR sponsored (paid) promotion...
#BIG_FAITH | #International_Tech_News
#ISREALI #PEGASUS #SPYWARE: The #Spyware_Technology that #threatens_democracy |
#Pegasus #Spyware is capable of #bypassing your phone's #security and gaining complete #access to your #device??
Revealed #widespread_abuse of the Pegasus #technology by #government_clients around the world
#Israeli_manufacturer — the #NSO_Group. People who were selected as possible targets include journalists, lawyers and human rights defenders.
#BIG_TECH | #Brave is #bypassing #Google #AMP pages because they’re ‘#HARMFUL_TO_USERS’
“In practice, AMP is harmful to users and to the Web at large,” Brave’s blog post said, before explaining that AMP gives Google even #more_knowledge of users’ #browsing_habits, #confuses users, and can often be #slower than normal web pages. And it #warned that the next version of AMP — so far just called AMP 2.0 — will be even #WORSE.
https://www.theverge.com/2022/4/19/23032776/brave-de-amp-google-browser
Disclaimer: DavidV.TV and/or its owners..
#INTERNATIONAL_TECH_NEWS | #ISREALI #PEGASUS #SPYWARE: The #Spyware_Technology that Threatens Democracy |
Widespread ABUSE!?
Pegasus spyware is capable of #bypassing your phone's #security and gaining #complete_access to your #device - including emails, messages, GPS location, photos, video, and your phone's microphone.
Disclaimer: DavidV.TV and/or its owners (Tastingtraffic LLC) are not affiliates of this provider or referenced image used and this..