Updated README

2021-01-16 14:45:30 +01:00 · 2021-01-16 14:45:30 +01:00 · b7b4527ece
parent 58167078b0
commit b7b4527ece
4 changed files with 15 additions and 3 deletions
--- a/red-teaming/cobalt-arsenal
+++ b/red-teaming/cobalt-arsenal
@ -1 +1 @@
-Subproject commit 13ed7f20834f58a918b6953308f72db21815716b
+Subproject commit a52ac6aefd2f739c9385984f7e69852fb5e44620
--- a/red-teaming/malleable_redirector/proxy2
+++ b/red-teaming/malleable_redirector/proxy2
@ -1 +1 @@
-Subproject commit 6badc156c37de46de60ec8837b7e6633c40238e2
+Subproject commit ec2381157c4d5111178bdd95d737399c4b9f1604
--- a/windows/PE-library
+++ b/windows/PE-library
@ -1 +1 @@
-Subproject commit fb7aeee8438b959099b01e38eadce917849ed488
+Subproject commit fcfe1e3a40f726e86a1f89e9627055a43b2604de
--- a/windows/README.md
+++ b/windows/README.md
@ -96,4 +96,16 @@ PS> python3 rdpFileUpload.py -v -f certutil README.md

 - **`Simulate-DNSTunnel.ps1`** - Performs DNS Tunnelling simulation for purpose of triggering installed Network IPS and IDS systems, generating SIEM offenses and picking up Blue Teams.

+- **`UnhookMe`** - Dynamically unhooking imports resolver. Implementation of dynamic imports resolver that would be capable of unhooking used functions in-the-fly is yet another step towards strengthening adversary resilience efforts. 
+
+```
+[~] Resolved symbol kernel32.dll!CreateFileA
+[~] Resolved symbol kernel32.dll!ReadProcessMemory
+[~] Resolved symbol kernel32.dll!MapViewOfFile
+[~] Resolved symbol kernel32.dll!VirtualProtectEx
+[#] Found trampoline hook in symbol: MessageBoxW . Restored original bytes from file.
+[~] Resolved symbol user32.dll!MessageBoxW
+```
+
+
 - **`win-clean-logs.bat`** - Batch script to hide malware execution from Windows box. Source: Mandiant M-Trends 2017. ([gist](https://gist.github.com/mgeeky/3561be7e697c62f543910851c0a26d00))