Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
This technique is finding RWX region in already running processes in this case OneDrive.exe and Write shellcode into that region and execute it without calling VirtualProtect, VirtualAllocEx, VirtualAlloc.
Just compile the program and run the (EXE) without any paremeter.
This technique will work with ntdll based shellcode which is not dependent on any section. I used to generate my shellcode.
MySQL is the most popular open-source relational database management system. It is fast, reliable, and a…
Git is the most widely used version control system in the world. It was created by…
Go (also called Golang) is an open-source programming language built by Google. It is designed to…
Visual Studio Code (VS Code) is an open-source code editor developed by Microsoft. It is one…
Nginx (pronounced "engine x") is an open-source, high-performance web server and reverse proxy. It is used…
Apache is one of the most widely used open-source web servers in the world. It is…