Intro Something different this time. This post is based on a speech I’m giving on June 24th at Ya!vaConf in Poland. So, we will analyze WebGoat application which is written in Java to discover some vulnerabilities in the source code and then write an exploit using Python.| 0xpat.github.io
Introduction This is the 9th post of a series which regards the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist. Today we explore techniques for executing managed code from native code.
Introduction This is the seventh post of a series which regards the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist. Today we will talk about “Secure Desktop” on Windows and implement a keylogger.
Introduction This is the sixth post of a series which regards the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist. Today we will explore anti-disassembly obfuscation using LLVM and template metaprogramming.
Introduction This is the fifth post of a series which regards the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist. In the previous posts we explored anti-VM, anti-sandbox, anti-debugging and anti-static-analysis methods. In this post we’ll explore some cool tricks to further obscure our code like parent PID spoofing, process protection, environmental keyi...
Introduction This is the fourth post of a series which regards the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist. In the previous part of the series we discussed methods for detecting sandboxes, virtual machines, automated analysis and making manual debugging harder for an analyst. In this post we will talk more about compiling and linking the code with V...
Introduction This is the third post of a series which regards the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist. In the previous part of the series we discussed methods for detecting sandboxes, virtual machines and automated analysis. This time let’s see how the application can detect that it’s being debugged or inspected by an analyst.
Introduction This is the second post of a series which regards the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist. Previously, we’ve created a basic Metasploit shellcode launcher in C++ and explored basic techniques which helped to lower the detection rate of the compiled executable - payload encoding/encryption, binary signing with a custom code-signing certificate...
Introduction This is the first post of a series which regards the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist. Let’s create a C++ application that will run malicious shellcode while trying not to be caught by AV software. Why C++ and not C# or a PowerShell script? Because it’s much more difficult to analyze a compiled binary when compared to managed code or...
Introduction This is the eighth post of a series which regards the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist. This time we will implement a COFF object file loader, which is similar to the BOF (beacon object file) feature of Cobalt Strike. This has also been tackled by TrustedSec.