unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
Abusing .NET Core CLR Diagnostic Features (+ CVE-2023-33127)
IntroductionBackground.NET is an ecosystem of frameworks, runtimes, and lan...
2023-11-27 20:51:30 | 阅读: 21 |
收藏
|
bohops - bohops.com
diagnostic
profiler
microsoft
client
dcom
No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
IntroductionProcess Injection is a popular technique used by Red Teams and thre...
2023-6-9 08:53:46 | 阅读: 1 |
收藏
|
bohops - bohops.com
shellcode
suspended
injection
memory
Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion (Part 2)
IntroductionLast year, I blogged about Investigating .NET CLR Usage Log Tamperi...
2022-8-23 07:48:27 | 阅读: 2 |
收藏
|
bohops - bohops.com
createfilew
microsoft
usagelogs
kernelbase
tampering
Unmanaged Code Execution with .NET Dynamic PInvoke
Yes, you read that correctly – “Dynamic Pinvoke” as in “Dynamic Platform Invoke”...
2022-4-3 00:45:49 | 阅读: 1 |
收藏
|
bohops - bohops.com
pinvoke
paramtypes
Analyzing and Detecting a VMTools Persistence Technique
IntroductionIt is always fun to reexplore previously discovered techniques or p...
2021-10-8 11:42:18 | 阅读: 1 |
收藏
|
bohops - bohops.com
sysmon
monitoring
machine
security
CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation of Privilege (EoP)
TL;DRIntel Driver & Support Assistant (DSA) is a driver and software update uti...
2021-8-8 00:30:24 | 阅读: 3 |
收藏
|
bohops - bohops.com
dsa
windows
reparse
microsoft
Abusing and Detecting LOLBIN Usage of .NET Development Mode Features
BackgroundAs discussed in this previous post, Microsoft has provided valuable (...
2021-5-31 00:24:30 | 阅读: 1 |
收藏
|
bohops - bohops.com
sysmon
windows
microsoft
devpath
Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion
IntroductionIn recent years, there have been numerous published techniques for...
2021-3-16 12:8:58 | 阅读: 2 |
收藏
|
bohops - bohops.com
microsoft
usagelogs
monitoring
Exploring the WDAC Microsoft Recommended Block Rules (Part II): Wfc.exe, Fsi.exe, and FsiAnyCpu.exe
IntroductionIn Part One, I blogged about VisualUiaVerifyNative.exe, a LOLBIN t...
2020-11-2 08:43:57 | 阅读: 3 |
收藏
|
bohops - bohops.com
wdac
wfc
microsoft
bypass
enforced
Exploring the WDAC Microsoft Recommended Block Rules: VisualUiaVerifyNative
IntroductionIf you have followed this blog over the last few years, many of the...
2020-10-15 11:24:58 | 阅读: 4 |
收藏
|
bohops - bohops.com
wdac
microsoft
payload
WS-Management COM: Another Approach for WinRM Lateral Movement
IntroductionLateral movement techniques in the wonderful world of enterprise Window...
2020-5-13 00:45:56 | 阅读: 3 |
收藏
|
bohops - bohops.com
remote
wsman
windows
microsoft
powershell
ClickOnce (Twice or Thrice): A Technique for Social Engineering and (Un)trusted Command Execution | | bohops |
What is ClickOnce?ClickOnce is a “a Microsoft technology that enables the user...
2018-02-17 21:19:59 | 阅读: 22 |
收藏
|
bohops.com
clickonce
windows
payload
launching
microsoft
Previous
-8
-7
-6
-5
-4
-3
-2
-1
Next