Updated README
parent 58167078b0
commit b7b4527ece
|
@ -1 +1 @@
|
|||
Subproject commit 13ed7f20834f58a918b6953308f72db21815716b
|
||||
Subproject commit a52ac6aefd2f739c9385984f7e69852fb5e44620
|
|
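Review bot: the commit message "Updated README" says nothing about this submodule pointer move from 13ed7f20834f58a918b6953308f72db21815716b to a52ac6aefd2f739c9385984f7e69852fb5e44620, and the hunk as extracted carries no file header naming the submodule path it belongs to. Suggest either splitting the submodule bumps into their own commit or listing the affected submodule paths in the message, so anyone auditing the dependency set later can see why the pinned revision changed.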
@ -1 +1 @@
|
|||
Subproject commit 6badc156c37de46de60ec8837b7e6633c40238e2
|
||||
Subproject commit ec2381157c4d5111178bdd95d737399c4b9f1604
|
|
@ -1 +1 @@
|
|||
Subproject commit fb7aeee8438b959099b01e38eadce917849ed488
|
||||
Subproject commit fcfe1e3a40f726e86a1f89e9627055a43b2604de
|
|
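Review bot: a bare pointer change from fb7aeee8438b959099b01e38eadce917849ed488 to fcfe1e3a40f726e86a1f89e9627055a43b2604de gives a reviewer nothing to check, because the upstream commit range is not visible here. Suggest noting in the commit message what changed upstream between the two revisions (or the upstream tag being tracked) and confirming the new commit was fetched from the expected remote, since a submodule bump is in effect a dependency update.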
@ -96,4 +96,16 @@ PS> python3 rdpFileUpload.py -v -f certutil README.md
|
|||
|
||||
- **`Simulate-DNSTunnel.ps1`** - Performs DNS Tunnelling simulation for purpose of triggering installed Network IPS and IDS systems, generating SIEM offenses and picking up Blue Teams.
|
||||
|
||||
- **`UnhookMe`** - Dynamically unhooking imports resolver. Implementation of dynamic imports resolver that would be capable of unhooking used functions in-the-fly is yet another step towards strengthening adversary resilience efforts.
|
||||
|
||||
```
|
||||
[~] Resolved symbol kernel32.dll!CreateFileA
|
||||
[~] Resolved symbol kernel32.dll!ReadProcessMemory
|
||||
[~] Resolved symbol kernel32.dll!MapViewOfFile
|
||||
[~] Resolved symbol kernel32.dll!VirtualProtectEx
|
||||
[#] Found trampoline hook in symbol: MessageBoxW . Restored original bytes from file.
|
||||
[~] Resolved symbol user32.dll!MessageBoxW
|
||||
```
|
||||
|
||||
|
||||
- **`win-clean-logs.bat`** - Batch script to hide malware execution from Windows box. Source: Mandiant M-Trends 2017. ([gist](https://gist.github.com/mgeeky/3561be7e697c62f543910851c0a26d00))
|
||||
|
|
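Review bot: the fenced sample-output block added after the `UnhookMe` bullet is not indented, so in Markdown it closes the list instead of rendering under that bullet; indent the ``` lines and the `[~] Resolved symbol ...` lines by four spaces to keep them attached. Two wording fixes in the same hunk: "Dynamically unhooking imports resolver" and "in-the-fly" read awkwardly, so suggest "Dynamic imports resolver that unhooks functions on the fly" for the `UnhookMe` entry, and for `Simulate-DNSTunnel.ps1` "for the purpose of triggering installed network IPS/IDS systems, generating SIEM offenses and alerting Blue Teams" in place of "for purpose of ... picking up Blue Teams". The `UnhookMe` description could also state what its sample log already shows, namely that a trampoline hook on `MessageBoxW` is detected and the original bytes are restored from the module on disk, since that is the behaviour a user needs to know before relying on the tool.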