VirtualAllocEx

icon indicating a website link https://redops.at/en/knowledge-base

icon company RedOps GmbH icon location Founder RedOps | Red Team

Results 8 comments of VirtualAllocEx

False Positives

Oh sorry, I didn't saw that. Thank you for the information.

Unable to morph - traceback error

Hello, I also tried it a few times to morph a evil.hta generated with Cobalt Strike 3.14. Is there already any solution? THX

Access violation reading location

Did you set in code generation, the **runtime library** to **Multi-threaded (/MT)**? ![image](https://user-images.githubusercontent.com/50073731/163768884-ea67b3dc-932e-46e3-81d5-46679b1ffc82.png)

Access violation reading location

I am sorry, I don't have an answer at the moment.

Hello sir, I tried using the powershell but I don't know the part where to inpute my payload direct link , can you pls break it down for me a little

Hello sir, I tried using the powershell but I don't know the part where to inpute my payload direct link , can you pls break it down for me a little

No problem. Normally if you have correctly hosted your PowerShell payload on a webserver of your choice, everything should work fine.

Question

No, the concept of direct system calls does not require administrator privileges or high integrity. Regardless of whether you are performing a task in user mode in the context of...

Question

Direct system calls are a nice technique to use when trying to avoid detection by EDRs, but it is definitely not a silver bullet. I play regularly with many different...