Updated README

Mariusz B. / mgeeky 2021-01-16 14:45:30 +01:00
parent 58167078b0
commit b7b4527ece
4 changed files with 15 additions and 3 deletions

@ -1 +1 @@
Subproject commit 13ed7f20834f58a918b6953308f72db21815716b Subproject commit a52ac6aefd2f739c9385984f7e69852fb5e44620
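Review bot: this submodule pointer move from 13ed7f20834f58a918b6953308f72db21815716b to a52ac6aefd2f739c9385984f7e69852fb5e44620 is not mentioned in the commit message "Updated README", and three of the four changed files in this commit are submodule bumps rather than README edits; either describe the bumps in the message or split them into their own commit so the README change and the dependency updates can be reviewed and reverted independently.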

@ -1 +1 @@
Subproject commit 6badc156c37de46de60ec8837b7e6633c40238e2 Subproject commit ec2381157c4d5111178bdd95d737399c4b9f1604
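Review bot: nothing here beyond the hash pair 6badc156c37de46de60ec8837b7e6633c40238e2 to ec2381157c4d5111178bdd95d737399c4b9f1604 tells a reviewer what changed in the pinned range, so verifying the bump means fetching the submodule and inspecting the range by hand; a one-line summary of the upstream change in the commit body (or the `git diff --submodule=log` output) would make this reviewable from the commit page.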

@ -1 +1 @@
Subproject commit fb7aeee8438b959099b01e38eadce917849ed488 Subproject commit fcfe1e3a40f726e86a1f89e9627055a43b2604de
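Review bot: the before/after hashes fb7aeee8438b959099b01e38eadce917849ed488 and fcfe1e3a40f726e86a1f89e9627055a43b2604de do not show whether this is a fast-forward on the submodule's tracked branch or a move to an unrelated or older commit; state the direction in the commit message, since a silent rewind of a pinned dependency is the kind of change a later reader should not have to discover by checking out both revisions.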


@ -96,4 +96,16 @@ PS> python3 rdpFileUpload.py -v -f certutil README.md
- **`Simulate-DNSTunnel.ps1`** - Performs DNS Tunnelling simulation for purpose of triggering installed Network IPS and IDS systems, generating SIEM offenses and picking up Blue Teams. - **`Simulate-DNSTunnel.ps1`** - Performs DNS Tunnelling simulation for purpose of triggering installed Network IPS and IDS systems, generating SIEM offenses and picking up Blue Teams.
- **`UnhookMe`** - Dynamically unhooking imports resolver. Implementation of dynamic imports resolver that would be capable of unhooking used functions in-the-fly is yet another step towards strengthening adversary resilience efforts.
```
[~] Resolved symbol kernel32.dll!CreateFileA
[~] Resolved symbol kernel32.dll!ReadProcessMemory
[~] Resolved symbol kernel32.dll!MapViewOfFile
[~] Resolved symbol kernel32.dll!VirtualProtectEx
[#] Found trampoline hook in symbol: MessageBoxW . Restored original bytes from file.
[~] Resolved symbol user32.dll!MessageBoxW
```
- **`win-clean-logs.bat`** - Batch script to hide malware execution from Windows box. Source: Mandiant M-Trends 2017. ([gist](https://gist.github.com/mgeeky/3561be7e697c62f543910851c0a26d00)) - **`win-clean-logs.bat`** - Batch script to hide malware execution from Windows box. Source: Mandiant M-Trends 2017. ([gist](https://gist.github.com/mgeeky/3561be7e697c62f543910851c0a26d00))
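Review bot: the sample-output fence added under the `UnhookMe` bullet starts at column 0, which in Markdown terminates the list, so the `win-clean-logs.bat` entry that follows renders as a new list instead of continuing the existing one; indent the fence and its contents by the bullet's width so the block nests inside the item. The description also needs a pass: "unhooking used functions in-the-fly" should read "on the fly", and the fragment "Dynamically unhooking imports resolver." duplicates the sentence after it, so a single sentence such as "A dynamic imports resolver that unhooks the functions it resolves on the fly" would do.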