New code snippet that demonstrate how Malware authors create self-deleting application. This technique rely on code injection to a remote process that is tasked to inspect for malware sample process end.

PostgreSQL allows developers to create their own functions, known as UDFs (User Defined Functions). These functions can be used to perform a variety of tasks within the database, such as data manipulation or analysis. However, if a UDF is not properly secured, it could potentially be exploited by a malicious actor to execute arbitrary code, such as shellcode, on the server.

To exploit a UDF, an attacker would need to have sufficient privileges to register a new function. This may be achieved through a vulnerability in an application connected to the database, such as a SQL injection. The attacker could then create and register a UDF that contains the desired shellcode, and trigger it to execute on the server.

It is important to note that this is just one example of how a UDF could potentially be exploited. It is crucial to secure your database and applications to prevent such attacks from being successful. This includes properly input validation, sanitization, and proper user privilege management.

YASE (Yet Another Sub Encoder) Encoder is python project created during my OSCE (Offensive Security Certified Expert) preparation to better understand and simplify the process of sub encoding shellcode in order to escape bad character restriction.

New code snippet to demonstrate an alternative of famous GetProcAddress Windows API through parsing target DLL PE Header.

New code snippet that demonstrate how to automatically detect code caves in Microsoft Windows PE Files.

It is then possible to inject a shellcode in located code-cave (optionally encrypted) and redirect PE file entrypoint to shellcode.

This was a common technique used by old school viruses to inject other applications and self-replicate.

Available commands:

• -f / --file : Valid PE File location (Ex: /path/to/calc.exe).
• -p / --payload : Shellcode Payload (Example: "\x01\x02\x03…\x0a").
• -x / --encrypt : Encrypt main section (entry point section).
• -k / --encryption-key : Define custom encryption key (1 Byte only).
• -c / --cave-opcodes : Define code opcode list to search for.
• -s / --cave-min-size : Minimum size of region to be considered as code cave.
• -e / --egg : Define a custom egg name (ESP Restore Mechanism).

New snippet that demonstrate the use of Windows API OutputDebugStringA and OutputDebugStringW to detect the presence of debuggers.

New code snippet that demonstrate the usage of SuspendThread to detect the presence of debuggers.

New code snippet that demonstrate how Malware authors detects the presence of debuggers using both Microsoft Windows API's: FindWindowA and FindWindowW API's.

New code snippet that demonstrate how Malware authors detects the presence of debuggers using both Microsoft Windows API's: FindWindowA and FindWindowW API's.

New code snippet that demonstrate how malware control the Debug flag from a running process PEB (Process Environment Block) in order to detect the presence of a debugger.

The application is a tool that allows you to run commands as another Microsoft Windows user without spawning a new console. This means that the commands are executed within the current terminal, rather than in a separate window.

To use the application, you need to specify the name and password of the user that you want to run the command as, as well as the command itself. The application will then execute the command as the specified user, attached to the current terminal.

This can be useful in a variety of situations where you need to run a command with different permissions or privileges than your own user account. For example, you might use the application to run a command as an administrator when you don't have administrative permissions, or to run a command as a different user in order to test or troubleshoot something.

The application is a command-line tool that allows you to execute commands as a different user without the need to log out and log back in. This can be useful in a variety of situations where you need to run a command with different permissions or privileges than your own user account, such as when you need to run a command as an administrator or when you need to test or troubleshoot something.

To use the application, you need to specify the name and password of the user that you want to run the command as, as well as the command itself. The application will then execute the command as the specified user within the current console window.

The application is a tool that allows you to run commands as another Microsoft Windows user without spawning a new console. This means that the commands are executed within the current terminal, rather than in a separate window.

To use the application, you need to specify the name and password of the user that you want to run the command as, as well as the command itself. The application will then execute the command as the specified user, attached to the current terminal.

This can be useful in a variety of situations where you need to run a command with different permissions or privileges than your own user account. For example, you might use the application to run a command as an administrator when you don't have administrative permissions, or to run a command as a different user in order to test or troubleshoot something.

Win Brute Logon is designed to simulate a brute-force attack on a Microsoft account by guessing large numbers of password combinations in a short amount of time. This allows pentesters to test the security posture of their systems and assess their defenses against brute-force attacks. The tool exploits the lack of an account lockout mechanism, which is a common weakness in many systems (before account lockout becomes enabled by default on Windows 11). By attempting to guess the password of an account, the tool can help pentesters identify and address vulnerabilities in their security measures. It should be used responsibly and within the bounds of the law.

Delphi unit that demonstrate how to enumerate DLL exported functions names and addresses through parsing PE Header.