Welcome to Dark VortΣx

Red Team TTPs Part 2: PUSH 0xPE, CALL 0xLOADER

Posted on 08 Oct 2020 by Paranoid Ninja

.blogPE or Portable executable is one of the most important topic that revolves around information security. Anything ranging from executing a process on windows, loading a DLL from disk, memory based reflective PE injections or even reflecting Dot Net Assemblies, all revolve around the P...

Tagged with: red-team blogs

Red Team TTPs Part 1: AMSI Evasion

Posted on 17 Jul 2019 by Paranoid Ninja

It’s been a while since I wrote my last blog-post. I wrote this post partially quite a while back, but then I joined as a Senior Red Team Consultant at Mandiant/Fireeye and its been a bumpy ride for me since I’ve been too busy with office projects as well as a personal project of mine for...

Tagged with: red-team blogs

Windows Shellcoding x86 – Calling Functions in Kernel32.dll – Part 2

Posted on 01 Apr 2019 by Paranoid Ninja

In the previous part, we found the address of Kernel32.dll dynamically by walking through the LDR struct. In this part, we will be focusing on finding the address of the functions(known as DLL symbols) within the Kernel32.dll and calling them by supplying the arguments. One of the methods...

Tagged with: shellcoding blogs

1 of 7 Next