Introduction In the past when writing/using little implants and agents, a blocker seems to be embedding shellcode. Shellcode that has malicious intent and is designed to give us a shell or execute some form of ‘dangerous’ process has likely been caught in the past, signatured and had the word spread to AV vendors. For that…
First Steps As the title states, this post will focus primarily around some obfuscation steps I am taking for my generated source code. All templates and code blobs that are used and merged together through the entire process are clear text, commented, very human readable and have obviously named functions and variables. I was doing…
Introduction In the previous post, I briefly introduced my new side project, ‘meh’. This loosely detailed the idea, the current state of the tool and the next steps I was planning. Since then, I have implemented a collection of new features, slowly ticking away at the previous ’next steps’ list, as well as refactoring some…
Introduction Meh (‘Moderate Efficiency Helper’) is a tool I started recently that combines a bunch of things I love, all into one. In short, meh helps randomly generate and compile binaries that can help get malicious payloads, and tools, past detection systems. The current list of things I love that this tool is helping cover:…
TLDR; Code here -> https://github.com/crawl3r/FunWithAMSI Introduction We all know that AMSI can be a pain sometimes. We just want to get our beacon running, pop some dodgy code, abuse something that Windows doesn’t like, whatever it may be. But who is right there, waiting to ruin our fun… that’s right, good old AMSI. Although a pain,…