Abusing .NET Core CLR Diagnostic Features (+ CVE-2023-33127) IntroductionBackground.NET is an ecosystem of frameworks, runtimes, and lan... 2023-11-27 20:51:30 | 阅读: 21 | 收藏 | bohops - bohops.com diagnostic profiler microsoft client dcom

No Alloc, No Problem: Leveraging Program Entry Points for Process Injection IntroductionProcess Injection is a popular technique used by Red Teams and thre... 2023-6-9 08:53:46 | 阅读: 1 | 收藏 | bohops - bohops.com shellcode suspended injection memory

Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion (Part 2) IntroductionLast year, I blogged about Investigating .NET CLR Usage Log Tamperi... 2022-8-23 07:48:27 | 阅读: 2 | 收藏 | bohops - bohops.com createfilew microsoft usagelogs kernelbase tampering

Unmanaged Code Execution with .NET Dynamic PInvoke Yes, you read that correctly – “Dynamic Pinvoke” as in “Dynamic Platform Invoke”... 2022-4-3 00:45:49 | 阅读: 1 | 收藏 | bohops - bohops.com pinvoke paramtypes

Analyzing and Detecting a VMTools Persistence Technique IntroductionIt is always fun to reexplore previously discovered techniques or p... 2021-10-8 11:42:18 | 阅读: 1 | 收藏 | bohops - bohops.com sysmon monitoring machine security

CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation of Privilege (EoP) TL;DRIntel Driver & Support Assistant (DSA) is a driver and software update uti... 2021-8-8 00:30:24 | 阅读: 3 | 收藏 | bohops - bohops.com dsa windows reparse microsoft

Abusing and Detecting LOLBIN Usage of .NET Development Mode Features BackgroundAs discussed in this previous post, Microsoft has provided valuable (... 2021-5-31 00:24:30 | 阅读: 1 | 收藏 | bohops - bohops.com sysmon windows microsoft devpath

Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion IntroductionIn recent years, there have been numerous published techniques for... 2021-3-16 12:8:58 | 阅读: 2 | 收藏 | bohops - bohops.com microsoft usagelogs monitoring

Exploring the WDAC Microsoft Recommended Block Rules (Part II): Wfc.exe, Fsi.exe, and FsiAnyCpu.exe IntroductionIn Part One, I blogged about VisualUiaVerifyNative.exe, a LOLBIN t... 2020-11-2 08:43:57 | 阅读: 3 | 收藏 | bohops - bohops.com wdac wfc microsoft bypass enforced

Exploring the WDAC Microsoft Recommended Block Rules: VisualUiaVerifyNative IntroductionIf you have followed this blog over the last few years, many of the... 2020-10-15 11:24:58 | 阅读: 4 | 收藏 | bohops - bohops.com wdac microsoft payload

WS-Management COM: Another Approach for WinRM Lateral Movement IntroductionLateral movement techniques in the wonderful world of enterprise Window... 2020-5-13 00:45:56 | 阅读: 3 | 收藏 | bohops - bohops.com remote wsman windows microsoft powershell

ClickOnce (Twice or Thrice): A Technique for Social Engineering and (Un)trusted Command Execution | | bohops | What is ClickOnce?ClickOnce is a “a Microsoft technology that enables the user... 2018-02-17 21:19:59 | 阅读: 22 | 收藏 | bohops.com clickonce windows payload launching microsoft