Search the Community
Showing results for tags 'workshop'.
Found 3 results
Writing custom backdoor payloads with C# This workshop aims to provide attendees hands-on experience on writing custom backdoor payloads using C# for the most common command and control frameworks including Metasploit, Powershell Empire and Cobalt Strike. The workshop consists in 7 lab exercises; each of the exercises goes over a different technique that leverages C# and .NET capabilities to obtain a reverse shell on a victim Windows host. The covered techniques include raw shellcode injection, process injection, process hollowing, runtime compilation, parent pid spoofing, antivirus bypassing, etc. At the end of this workshop attendees will have a clear understanding of these techniques both from an attack and defense perspective. Skill Level: Intermediate Prerequisites: Basic to intermediate programming/scripting skills. Prior experience with C# helps but not required. Materials: Laptop with virtualization software. A Windows 10 virtual machine and a Kali Linux Virtual Machine. The "Writing custom back payloads with C#" workshop was first presented at [Hidden Content]. Authors Mauricio Velazco - @mvelazco Olindo Verrillo - @olindoverrillo Labs Lab 1 : Hello World The goal of this lab is to implement the typical Hello World example with C#. The first exercise uses .NETs Console class to print “Hello World” while the second uses .NETs Platform Invocation Services feature to import and call the Win32 Api MessageBox. Lab 2 : Custom Meterpreter Stager The goal of this lab is to write a custom Meterpreter stager with C# by leveraging the WebClient class to download meterpreter’s second stage and Win32 API functions to copy the second stage in memory and execute it. Lab 3 : Raw Shellcode Injection The goal of this lab is to write a custom binary that injects a pre-defined shellcode into memory and executes it. Metasploit’s msfvenom will be used to generate the shellcode and the same Win32 API calls used in Lab 2 will be used to perform the execution. Lab 4 : Shellcode Obfuscation The goal of this lab is to reduce detection of the custom payloads by signature based anti-malware. We can achieve this by obfuscating the shellcode generated by msfvenom using two common techniques: XOR and AES Lab 5 : PowerShell without PowerShell.exe The goal of this lab is to execute a Powershell script and avoid to use the powershell.exe binary by leveraging the .NET framework and C#. Using this technique, we will get a Powershell Empire agent. Lab 6 : DLL Injection The goal of this lab is to implement the DLL Injection technique using C# and obtain a reverse shell from a victim host. Using 3 different exercises, we will understand and implement the different steps for a successful injection. Lab 7 : Process Hollowing The goal of this lab is to understand and implement the Process Hollowing technique using C# technique to obtain a reverse shell on a victim host. Lab 8 : Parent Process Spoofing The goal of the final lab is to leverage C# to spawn a new process spoofing its parent process and inject shellcode to it to obtain a reverse shell. Download [hide][Hidden Content]]
The Hex Workshop Hex Editor by BreakPoint Software is a complete set of hexadecimal development tools for Microsoft Windows. Hex Workshop integrates advanced binary editing and data interpretation and visualization with the ease and flexibility of a modern word processor. With the Hex Workshop, you can edit, cut, copy, paste, insert, fill and delete binary data. You can also work with data in its native structure and data types using our integrated structure viewer and smart bookmarks. Data editing is quick and easy with our extensive features that allow you to: jump to file or sector location, find or replace data, perform arithmetic, bitwise, and logical operations, binary compare files, generate checksums and digests, view character distributions and export data to RTF or HTML for publishing. Hex Workshop v188.8.131.521 + patch Info: [Hidden Content] [HIDE][Hidden Content]] Pass: level23hacktools.com