itsMe Posted January 11, 2023 Share Posted January 11, 2023 This is the hidden content, please Sign In or Sign Up Details: no crt functions imported syscall unhooking using KnownDllUnhook api hashing using Rotr32 hashing algo payload encryption using rc4 - payload is saved in .rsrc process injection - targetting 'SettingSyncHost.exe' ppid spoofing & blockdlls policy using NtCreateUserProcess stealthy remote process injection - chunking using debugging & NtQueueApcThread for payload execution This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
itsMe.webp.8407a83ac96563f75e1c428a1f0d4c3e.webp)
.webp.9a04cec050a656fab081ac190f971c3f.webp)
Hack Tools Resurrection
dEEpEst
Recommended Posts