D1rkMtr
FilelessRemotePE
Loading a fileless remote PE from a URI into memory, with argument passing, ETW patching, NTDLL unhooking and the No New Thread technique
DumpThatLSASS
Dumping LSASS by unhooking MiniDumpWriteDump using a fresh copy of DbgHelp.dll read from disk, plus function and string obfuscation; it contains anti-sandbox checks, if you run it under an unperformant V...
ADSrunner
Write a collected UUID byte array "*" to the Alternate Data Stream of the current binary; the ADS Runner then reads the data, transfers it into a char table of UUID shellcode and runs it
AmsiScanBuffer
Digging deeper into AmsiScanBuffer internals and identifying 7 possible AMSI patches by forcing a conditional jump to a branch that sets the return value of AmsiScanBuffer to E_INVALIDARG and makes...
ChTimeStamp
Changing the creation time and the last-written time of a dropped file to the timestamps of another file, such as "kernel32.dll"
EtwPatching
Patching Event Tracing for Windows by overwriting the "call ntdll!EtwpEventWriteFull" inside ntdll!EtwEventWrite; the patched call is the one that does the actual event writing
ExecRemoteAssembly
Execute a remote assembly with argument passing and with AMSI and ETW patching
FileLessRemoteShellcode
Run fileless remote shellcode directly in memory with module unhooking, module stomping and No New Thread. This repository contains the TeamServer and the Stager
githubC2
Abusing the GitHub API to host C2 traffic, useful for bypassing blocking firewall rules if GitHub is on the target's allow list, and in case you don't have C2 infrastructure, now you have a free one
Internals_Exploring
This repo is created for documenting my debugging discovery journey