|
|
#1
02-18-2017, 00:17
|
||||
|
||||
|
fileless malware
Hi all
fileless malware are on the rise (see latest Duqu), because thanks to some powershell tricks anyone can write them easily. The learning curve for a fileless malware is now extremely low. In the past you had to, at least, implement a dll-in-memory loader (I wrote one tutorial about this few years ago, you can find it around "Loading_a_DLL_from_memory_Shub-Nigurrath_v12.rar"). Duqu rise: https://www.schneier.com/blog/archives/2017/02/duqu_malware_te.html Some frameworks to create similar payloads ... https://github.com/Genetic-Malware/Ebowla it's a Framework for making Environmental Keyed Payload with reflective DLL, ShellCode, Powershell.. https://github.com/byt3bl33d3r/CrackMapExec its an Opsec safe for pentesting Windows/Active Directory environment .. https://github.com/n1nj4sec/pupy a RAT written in Python then cross-platform, with a very low footprint https://github.com/EmpireProject simply a Powershell post-exploitation agent. Shub
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com 
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| ahk malware analysis | dion | General Discussion | 0 | 12-20-2021 08:50 |
| Malware Sample analysis | Aesculapius | Source Code | 2 | 02-13-2018 19:35 |
Threaded Mode