KASPERSKY #Bypassed and ...
NativePayload_PE1/PE2, plus some new code in which a callback function API is integrated with the delegation method [Technique D], bypassing some AVs. Source code is available on my GitHub [https://github.com/DamonMohammadbagher/NativePayload_PE1], but the two new codes, "NativePayload_AsynASM.cs + NativePayload_ASM3.cs", will be shared in the future; you can see the source code in the video ;D
#penesting #redteaming #bypassav #evasion #inmemory #redteam #pentest
KASPERSKY #Bypassed again ;D
With the Native API you can change #Process memory very simply. I tested simple C# code to convert the payload #inmemory before running the payload and also after running the payload with a delay, so in memory, every 60 secs, the RAW payload will run only once. This code still needs testing, but I did not get any errors on the server side or client side, and #Cobaltstrike commands worked very well; it still needs work (this code was just for testing).
BTW, the code was not detected by Kaspersky, so I can say KASPERSKY bypassed again ;D
Anyway, #Encrypting or #obfuscating in memory can help you sometimes ;)
#penesting #redteaming #bypassav #evasion #inmemory #redteam #pentest
Windows 10 + 11 #Security #Feature Alerts #Bypassed By #Attackers