PwC安全技术小组
  • PwC安全技术小组须知
  • 技术
    • 技术 - Web安全测试技术点
      • XS-Search
      • XSSI (Cross-Site Script Inclusion)
      • XSS (Cross Site Scripting)
        • PDF Injection
        • DOM XSS
        • Server Side XSS (Dynamic PDF)
        • XSS Tools
      • XXE - XEE - XML External Entity
      • XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)
      • XPATH injection
      • Web Tool - WFuzz
      • Unicode Normalization vulnerability
      • SSTI (Server Side Template Injection)
      • SSRF (Server Side Request Forgery)
      • SQL Injection
        • MSSQL Injection
        • Oracle injection
        • PostgreSQL injection
          • dblink/lo_import data exfiltration
          • PL/pgSQL Password Bruteforce
          • Network - Privesc, Port Scanner and NTLM chanllenge response disclosure
          • Big Binary Files Upload (PostgreSQL)
          • RCE with PostgreSQL Extensions
        • MySQL injection
          • Mysql SSRF
        • SQLMap - Cheetsheat
        • sqlmap
          • Second Order Injection - SQLMap
      • Reset/Forgotten Password Bypass
      • Regular expression Denial of Service - ReDoS
      • Rate Limit Bypass
      • Race Condition
      • PostMessage Vulnerabilities
      • Parameter Pollution
      • OAuth to Account takeover
      • LDAP Injection
      • NoSQL injection
      • JWT Vulnerabilities (Json Web Tokens)
      • IDOR
      • HTTP Request Smuggling / HTTP Desync Attack
      • Formula Injection
      • File Upload
        • PDF Upload - XXE and CORS bypass
      • File Inclusion/Path traversal
        • phar:// deserialization
        • LFI - Linux List
      • Email Header Injection
      • Deserialization
        • Java JSF ViewState (.faces) Deserialization
        • NodeJS - __proto__ & prototype Pollution
        • Basic Java Deserialization (ObjectInputStream, readObject)
        • Java DNS Deserialization, GadgetProbe and Java Deserialization Scanner
        • CommonsCollection1 Payload - Java Transformers to Rutime exec() and Thread Sleep
        • Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)
        • Exploiting __VIEWSTATE knowing the secrets
        • Exploiting __VIEWSTATE without knowing the secrets
      • Domain/Subdomain takeover
      • CSRF (Cross Site Request Forgery)
      • Dangling Markup - HTML scriptless injection
      • CRLF (%0D%0A) Injection
      • Cross-site WebSocket hijacking (CSWSH)
      • CORS - Misconfigurations & Bypass
      • Cookies Hacking
      • Content Security Policy (CSP) Bypass
      • Client Side Template Injection (CSTI)
      • Command Injection
      • Clickjacking
      • Cache Poisoning and Cache Deception
      • Captcha Bypass
      • Bypass Payment Process
      • Abusing hop-by-hop headers
      • 2FA/OTP Bypass
    • 技术 - 安全开发知识库
      • 代码审计
        • Cobra安装与使用
        • 智能合约代码审计
        • FindSecBugs安装与使用
        • SonarQube踩坑记
        • SonarQube安装与使用
      • 移动安全
        • 移动安全扫描
        • 移动安全工具
      • 安全开发
        • API网关
        • API网关设计
      • 安全防护
        • 全站https
        • waf
        • waf
        • waf
      • 安全测试
        • API安全测试
        • APP安全测试
        • 安全测试checklist
        • DAST&SAST&IAST
        • tools-skills
          • APP脱壳技巧
          • https抓包
          • 抓包技巧
          • 信息泄漏漏洞利用
          • Web安全工具
      • 漏洞管理
    • 技术 - 红队攻击手段介绍
      • offensive-security-experiments
        • Active Directory & Kerberos Abuse
        • Pentesting Cheatsheets
        • active-directory-kerberos-abuse
          • From Domain Admin to Enterprise Admin
          • Kerberoasting
          • Kerberos: Golden Tickets
          • Kerberos: Silver Tickets
          • AS-REP Roasting
          • Kerberoasting: Requesting RC4 Encrypted TGS when AES is Enabled
          • Kerberos Unconstrained Delegation
          • Kerberos Constrained Delegation
          • Kerberos Resource-based Constrained Delegation: Computer Object Take Over
          • Domain Compromise via DC Print Server and Kerberos Delegation
      • offensive-security
        • Red Team Infrastructure
        • Initial Access
        • Code Execution
        • Code & Process Injection
        • Defense Evasion
        • Enumeration and Discovery
        • Privilege Escalation
        • Credential Access & Dumping
        • Lateral Movement
        • Persistence
        • Exfiltration
      • miscellaneous-reversing-forensics
        • Windows / OS Internals
        • Cloud
        • Neo4j
        • Dump Virtual Box Memory
        • AES Encryption Using Crypto++ .lib in Visual Studio C++
        • Reversing Password Checking Routine
  • 工具
    • 工具 - BloodHound基础使用
    • 工具 - CobaltStrike基础使用
      • 目录
      • Cobalt Strike简介
      • Cobalt Strike基本使用
      • Cobalt Strike Beacon命令
      • Cobalt Strike脚本使用
      • Cobalt Strike脚本编写
      • Cobalt Strike扩展
      • Cobalt Strike原理介绍
        • 介绍
        • Payload生成分析
      • Cobalt Strike攻击防御
      • 说明
      • cobalt-strikejiao-ben-bian-xie
        • COM劫持利用脚本编写
        • aggressor-script文档翻译
        • ArtifactPayloadGenerator.cna脚本bug修复
        • TODO
      • cobalt-strikeji-ben-shi-yong
        • 界面功能介绍
        • CS4.0功能演示
        • 监听器(Listener)
      • cobalt-strikekuo-zhan
        • Malleable C2
        • External C2
        • CS证书相关
        • CS Beacon和监听器
        • 转发重定向
        • CDN代理转发
        • CDN与转发器
        • CS部分功能启用
        • CS检测工具CobaltStrikeScan绕过
        • 联动Core impact
由 GitBook 提供支持
在本页

这有帮助吗?

  1. 技术
  2. 技术 - 红队攻击手段介绍
  3. offensive-security

Defense Evasion

上一页Code & Process Injection下一页Enumeration and Discovery

最后更新于4年前

这有帮助吗?

Here are the articles in this section:

AV Bypass with Metasploit Templates and Custom Binaries
Evading Windows Defender with 1 Byte Change
Bypassing Windows Defender: One TCP Socket Away From Meterpreter and Beacon Sessions
Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIsEDR / AV Evasion
Windows API Hashing in MalwareEvasion
Detecting Hooked Syscalls
Calling Syscalls Directly from Visual Studio to Bypass AVs/EDRs
Retrieving ntdll Syscall Stubs from Disk at Run-time
Full DLL Unhooking with C++EDR evasion
Enumerating RWX Protected Memory Regions for Code InjectionCode Injection, Defense Evasion
Disabling Windows Event Logs by Suspending EventLog Service Threads
Obfuscated Powershell InvocationsDefense Evasion
Masquerading Processes in Userland via _PEBUnderstanding how malicious binaries can maquerade as any other legitimate Windows binary from the userland.
Commandline ObfusactionCommandline obfuscation
File Smuggling with HTML and JavaScript
TimestompingDefense Evasion
Alternate Data Streams
Hidden FilesDefense Evasion, Persistence
Encode/Decode Data with CertutilDefense Evasion
Downloading Files with CertutilDownloading additional files to the victim system using native OS binary.
Packed BinariesDefense Evasion, Code Obfuscation
Unloading Sysmon DriverUnload sysmon driver which causes the system to stop recording sysmon event logs.
Bypassing IDS Signatures with Simple Reverse Shells
Preventing 3rd Party DLLs from Injecting into your Malware
ProcessDynamicCodePolicy: Arbitrary Code Guard (ACG)
Parent Process ID (PPID) Spoofing
Executing C# Assemblies from Jscript and wscript with DotNetToJscript