Загрузка видео...

Не удалось загрузить видео

На главную

Tools such as from Impacket are usually flagged for lateral movement due to the pre-built service executable that is dropped on the remote system. However, some vendors also flag Impacket based on its behaviour. With RustPack, you can easily create service executables that won't be detected by signatures or...

70,578 просмотров • 8 месяцев назад •via X (Twitter)

Комментарии: 0

Нет доступных комментариев

Здесь появятся комментарии из оригинального поста

Похожие видео

How do you create your payloads in 2025? At MSec Operations we prefer to use DLL sideloading for EDR evasion. This technique allows our malicious code to run within a signed, legitimate executable. Combining this technique with other useful techniques will provide stable execution to fly under the radar. 🛸 The following video demonstrates the use of #RustPack to create such a payload in just a few seconds. The command line usage shows that our input payload is a simple unmodified Apollo C2 executable. We want to clone all the exported functions from the original Windows wininet.dll to create our own library with the same name. The execution of the payload will be delayed by ~5 seconds in this case, without using the Win32 sleep function, but by performing random calculations. ⏲️ Hardware breakpoints are used to bypass the Antimalware Scan Interface (AMSI). Without an AMSI bypass, Apollo would be flagged as a C# assembly when loaded. 🎓 Our payload will only fire on a domain joined system, this basically prevents it from running in e.g. sandbox environments. 🤠 Last but not least, in this example, the encrypted payload itself is stored in a separate file on the target system and not even in the same folder as our malicious DLL. Anyone analysing just the DLL will never be able to find out what the payload is. Automatic sample submissions for cloud analysis usually only upload the executable or DLL, emulators won't see the real payload either. 🤠 Tired of creating such payloads yourself? With #RustPack it's really easy, and payloads always look completely different, even if the same payload is packed twice to avoid signature-based detection Contact us via info[at] for more information! 👍

MSec Operations

26,003 просмотров • 1 год назад

In one of our previous videos we demonstrated how to generate sideloading binaries by cloning the exports of an existing DLL to forward them - . However, using Microsoft DLLs and Microsoft-signed binaries is not the best OPsec, as it's easy for EDR vendors to create a detection rule for e.g. "version.dll" being loaded from a non-System32 directory. 🧐 We therefore recommend using third party signed executables that attempt to load their own DLL. This is much harder to track/map on the endpoint. If you know which functions are imported from your signed binary (see import table), you can also generate a sideloading DLL for persistence or initial access use cases. Bring your own third-party signed binary and voila - you're trusted! In this example, we sideload into java.exe, which is signed by Oracle. It attempts to load several DLLs - including jli.dll as shown in the video. #RustPack can easily create such DLLs with custom export functions - anti-debugging features, sandbox evasion, signature evasion and anti-emulation can be easily added. 🔥🔥 Userland hooks are bypassed by default options and you can enable custom AMSI/ETW bypasses for the process on top. If you want to use it for persistence, you can of course still clone the original DLL exports as we did in the previous video and forward them accordingly. 👍 Interested in buying RustPack? Contact us at info[at] ! #RedTeam #Pentest #OST #Maldev #Malware #Havoc

MSec Operations

10,686 просмотров • 1 год назад

This speech from Ustad Sayyaf clearly shows how Mujahideen leaders can fail miserably when they are tested with power and wealth. Full translation; We can never live with them in the future, we can never reconcile between Islam and Kufr, not today and not in the future. Friendship with the disbelievers, friendship with the enemies of Islam, is completely forbidden in Islam, and you will not be able to find an excuse for such friendship in Islam. The Islamic ruling on this is clear. We waged jihad for the establishment of the Islamic system. In this Islamic system, only Muslims can rule. Be very careful with your work. Make an effort, this is necessary for you, me and every leader of jihad, to uphold your promises, and don’t ever break your promises (of establishing the Islamic system). The prophet (pbuh) said that in the next life, for every traitor, behind him a flag will be raised, the height of the flag will be according to level betrayal, and the highest flags will be behind the treacherous leaders. May Allah (swt) protect our leaders, our mujahideen and our commanders from that outcome. It is forbidden to have any type of relationship with Zindeeq and apostates. You are not even allowed to trade with apostates. You are not even allowed to travel with them. You can’t even ask for directions from them. You can’t even give them directions if they ask you. This is an Islamic ruling. For this reason, if a communist was Muslim and left Islam, he is an apostate, and it is forbidden to be tolerant towards him. You are not even allowed to talk to them…

The Sure Path

18,838 просмотров • 6 месяцев назад

Here is how you can install an open-source, enterprise-grade RAG system on your server (with the best document understanding I've seen.) First, something obvious to anyone trying to sell RAG in the market: You are crazy if you think companies will let their data travel to a hosted model. No one wants to send their data anywhere (those who do haven't found an alternative.) Every single company would rather have an air-gapped system with no internet access. GroundX is an open-source RAG system that you can run on your servers (or any cloud provider, as long as you have access to GPUs) and works without a network. (If the military wants to do RAG, this is precisely what they will be looking for.) I installed GroundX on my AWS account and recorded a video to show you how to use it. There are two services you can use: 1. Ingest: This service uses a pretrained vision model to ingest and understand your knowledge base. 2. Search: This service combines text and vector search with a fine-tuned re-ranker model to retrieve information from your knowledge base. A quick note about the Ingest service: 99% of people think they need better "retrieval" mechanisms. I think they need better "ingestion." That's where this service comes in! Ingest "understands" your documents in a way I haven't seen before. After you try it, you'll realize why showing your LLM your raw documents is a bad idea. In the video, I use a free tool called X-Ray to test a document and understand how the Ingest service breaks it down. You can access this tool by signing up for a free GroundX cloud account and uploading your documents. You'll see a bit more about this in the video.

Santiago

89,624 просмотров • 1 год назад