daem0nc0re
Thanks for reporting. I will check next week as I am busy this week. Did you execute the PoC with administrative privilege? [On the first execution, the PoC requires administrative...
I tried it on Win11 and Win10 1903 but failed to reproduce your issue. It seems that my [P/Invoke signature](https://github.com/daem0nc0re/PrivFu/blob/1ac1a43d12a11774d1de0d7e1514f5a7525adc77/PrivilegedOperations/SeAuditPrivilegePoC/SeAuditPrivilegePoC.cs#L115) is not wrong according to the [Microsoft document](https://learn.microsoft.com/en-us/windows/win32/api/authz/nf-authz-authzregistersecurityeventsource). Please let me know...
My PE Injection PoCs use `NtCreateProcessEx`, which allows a PPID for the 4th parameter, so the `InitializeProcThreadAttributeList` API and `UpdateProcThreadAttribute` API are not required. [https://github.com/daem0nc0re/TangledWinExec/blob/1298c5b140120386e67deb3584011c19dc58fbc2/TransactedHollowing/TransactedHollowing/Interop/NativeMethods.cs#L116](https://github.com/daem0nc0re/TangledWinExec/blob/1298c5b140120386e67deb3584011c19dc58fbc2/TransactedHollowing/TransactedHollowing/Interop/NativeMethods.cs#L116) Additionally, I do so because I want to...
Thanks for sharing your opinion. Essentially, the purpose of this repository is not to provide attack tools, but to provide PoCs for research or investigation about process execution techniques. If...
Thanks for your support. > Any your poc can load .net file ? or only for native file ? I have not tried with .NET file yet. I've been busy...
Thanks for sharing! I will try to address this issue next week or the week after.
I'm happy to hear that! I will try as soon as possible 💪
I started from the .NET binary issue and [added .NET binary support to the PE file parser of the TransactedHollowing PoC](https://github.com/daem0nc0re/TangledWinExec/commit/c23b912e8376aa728ac0eaf441eb86dbd8bc933c). But `NtCreateProcessEx` and `NtMapViewOfSection` return NTSTATUS `0x4000000E : {Machine Type Mismatch}` for...
OK. I will continue to investigate the .NET issue, but will work on the PPID first.
Added the feature you requested to my TransactedHollowing PoC. Check [this commit](https://github.com/daem0nc0re/TangledWinExec/commit/f233727fa703e5255087c5c9aec5fe1fc43ed61e).