Abuses the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region.
This technique finds an RWX region in an already running process (in this case OneDrive.exe), writes shellcode into that region, and executes it without calling VirtualProtect, VirtualAllocEx, or VirtualAlloc.
Just compile the program and run the EXE without any parameters.
This technique works with ntdll-based shellcode that does not depend on any section. I used to generate my shellcode.
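A defender-side view of the technique, as an added example that is not part of the original project: since no VirtualAllocEx or VirtualProtect call occurs, one signal that remains is the write-capable or fork-capable handle opened on OneDrive.exe, which Sysmon Event ID 10 (ProcessAccess) records in its GrantedAccess field. The sample events, user paths and the allowlist below are constructed assumptions.

```python
import ntpath

# Process access-right bits from the Windows SDK (winnt.h).
RISKY_RIGHTS = {
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0020: "PROCESS_VM_WRITE",
    0x0080: "PROCESS_CREATE_PROCESS",  # needed to use a process as a fork/clone parent
}
# A handle is reported only if it can write memory or clone the process.
TRIGGER_MASK = 0x0020 | 0x0080

# Assumption: sources expected to hold broad handles; tune per environment.
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe", r"c:\windows\system32\lsass.exe"}

def risky_rights(granted_access):
    """Decode a Sysmon GrantedAccess hex string into the risky rights it contains."""
    try:
        mask = int(granted_access, 16)
    except (TypeError, ValueError):
        return []  # missing or malformed field: nothing to decode
    if not mask & TRIGGER_MASK:
        return []
    return [name for bit, name in sorted(RISKY_RIGHTS.items()) if mask & bit]

def flag_events(events, target="onedrive.exe"):
    """Return (SourceImage, rights) for suspicious handles opened on the target image."""
    hits = []
    for ev in events:
        if ntpath.basename(ev.get("TargetImage", "")).lower() != target:
            continue
        source = ev.get("SourceImage", "")
        if source.lower() in ALLOWED_SOURCES:
            continue
        rights = risky_rights(ev.get("GrantedAccess"))
        if rights:
            hits.append((source, rights))
    return hits

# Constructed sample events; field names follow Sysmon Event ID 10.
ONEDRIVE = r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Users\alice\Downloads\tool.exe", "TargetImage": ONEDRIVE, "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Windows\System32\svchost.exe", "TargetImage": ONEDRIVE, "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\Windows\System32\csrss.exe", "TargetImage": ONEDRIVE, "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Users\alice\Downloads\tool.exe", "TargetImage": r"C:\Windows\notepad.exe", "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Users\alice\Downloads\tool.exe", "TargetImage": ONEDRIVE, "GrantedAccess": "0x0028"},
]
```

Only the first and last sample events are reported: the query-only handle, the allowlisted source and the unrelated target are skipped.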