Concealed_Code_Execution is a set of tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows. Here you will find explanations of how these techniques work, receive advice on detection, and get sample source code for testing your detection coverage.
This repository covers two classes of attacking techniques that extensively use internal Windows mechanisms plus provides suggestions and tools for detecting them:
The core values of the project:
One final distinctive feature of this project is the extensive use of Native API throughout the samples. Here is the motivation for this choice:
The sample code uses the Native API headers provided by the PHNT project. Make sure to clone the repository using the git clone --recurse-submodules
command to fetch this dependency. Alternatively, you can use git submodule update --init
after cloning the repository.
To build the projects included with the repository, you will need a recent version of Windows SDK. If you use Visual Studio, please refer to the built-in SDK installation. Alternatively, you can also use the standalone build environment of EWDK. To compile all tools at once, use MSBuild AllTools.sln /t:build /p:configuration=Release /p:platform=x64
.
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…
Introduction In the vast ocean of the internet, the most powerful tool you already have…
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…