Getting the Base Address of kernel32.dll

Finding the base address of kernel32.dll on Windows for shellcode, exploit development or otherwise can be challenging due to various constraints. But there are three main ways to accomplish this, which are discussed in the following sub-sections after an overview of how system DLLs work. Kernel32.dll and System DLLs Firstly, we should note…

C2 Havoc: A Command and Control Framework

C2 Havoc is primarily a command and control (C2) framework rather than a Remote Access Trojan (RAT). It is used mostly to manage compromised systems during cyber operations, and is more about coordinating and directing the activities of already compromised systems. C2 Havoc, in particular, is noted for its capabilities in post-exploitation scenarios, allowing attackers to…

Deep Dive into Exploit Kits

Exploit kits in cybersecurity are software packages designed to identify and exploit security vulnerabilities in systems and software. These kits actively scan for vulnerabilities in a user’s system, such as outdated software, unpatched security vulnerabilities, or poor configuration. What are Exploit Kits? Exploit kits are typically automated, allowing cyber-criminals to easily and effectively target a…

Detecting When Processes Start on Windows to Check Legitimacy

It is useful to be able to monitor and detect when new processes start on Windows in real time. This allows us to scan their memory or perform other checks to ensure they are legitimate, or to identify potential malware. The most straightforward method is to poll the list of running processes and identify new ones…

Tools and Frameworks for Binary Analysis

There are several tools and frameworks designed for binary analysis, which are key for cyber-security work (e.g., malware analysis) and lend themselves to a whole host of areas such as reverse engineering, vulnerability discovery and exploitation. The following are some of the most popular ones and are worth investigating further. You can also integrate binary…

Open Source Endpoint Security Solutions

There are several open-source endpoint security solutions available, which may be a viable alternative to commercial software and are suitable for small businesses and enterprises. When used holistically, they offer a viable solution and provide functionality for malware detection, system monitoring, and intrusion detection and prevention. The fact that they are open-source also allows them to be tailored…