|
Persistence techniques
by Kxd - Monday January 29, 2024 at 01:15 AM
|
|
Jan 29, 2024, 01:15 AM
Personally for you guys, which is the most and least hard persistence technique (talking about implementation) that dont relay on exploits?
(sorry for bad english, lol)
Jan 29, 2024, 09:16 PM
Feb 02, 2024, 04:53 PM
(Jan 29, 2024, 09:16 PM)basileusapoleia Wrote:(Jan 29, 2024, 01:15 AM)Kxd Wrote: Personally for you guys, which is the most and least hard persistence technique (talking about implementation) that dont relay on exploits? I would also recommend DDL proxying/hijacking
Feb 03, 2024, 07:51 PM
(Feb 02, 2024, 04:53 PM)red_dot Wrote:(Jan 29, 2024, 09:16 PM)basileusapoleia Wrote:(Jan 29, 2024, 01:15 AM)Kxd Wrote: Personally for you guys, which is the most and least hard persistence technique (talking about implementation) that dont relay on exploits? DLL hijacking is still an option in these days? like, i thought microsoft stopped using relative paths since dll hijacking became famous
Feb 03, 2024, 10:17 PM
(Feb 03, 2024, 07:51 PM)Kxd Wrote:(Feb 02, 2024, 04:53 PM)red_dot Wrote:(Jan 29, 2024, 09:16 PM)basileusapoleia Wrote:(Jan 29, 2024, 01:15 AM)Kxd Wrote: Personally for you guys, which is the most and least hard persistence technique (talking about implementation) that dont relay on exploits? I was think more of finding exe that loads dll that doesn't exists in same directory or does not exists at all. For example Opera have dbghelp.dll in it's IAT. Also u can create DLL proxy, rename original DLL, place ur own at its place and redirect all function calls to copied DLL that ur proxy DLL loaded. Hope it makes sense 
Feb 03, 2024, 11:01 PM
I used WMI Event Subscription back then
Nowadays I go for obscure shit that there is no chance someone writes a detection rule for.
Feb 03, 2024, 11:17 PM
(Feb 03, 2024, 11:01 PM)Nevertheless Wrote: I used WMI Event Subscription back then Nice, i think the only best way to make good malware is to invent as much custom techniques as u can so it's standing out of standard looking mw
Feb 04, 2024, 12:24 AM
(Feb 03, 2024, 11:17 PM)red_dot Wrote:(Feb 03, 2024, 11:01 PM)Nevertheless Wrote: I used WMI Event Subscription back then Exactly
Feb 04, 2024, 02:58 PM
(Feb 03, 2024, 11:01 PM)Nevertheless Wrote: I used WMI Event Subscription back then https://wikileaks.org/ciav7p1/cms/page_14587908.html u fed bruh? 
(Feb 03, 2024, 10:17 PM)red_dot Wrote:(Feb 03, 2024, 07:51 PM)Kxd Wrote:(Feb 02, 2024, 04:53 PM)red_dot Wrote:(Jan 29, 2024, 09:16 PM)basileusapoleia Wrote:(Jan 29, 2024, 01:15 AM)Kxd Wrote: Personally for you guys, which is the most and least hard persistence technique (talking about implementation) that dont relay on exploits? Oh yeah, i've heard of dll's that don't exist but programs still try to load them and then if you put a dll with the same name they will load it and all, pretty cool though, thank you! (Feb 03, 2024, 11:01 PM)Nevertheless Wrote: I used WMI Event Subscription back then Shit that sounds cool as hell, any tips of where to begin writing my own custom shit? Like to don't need ro rely on already used techniques. Im kinda clueless on where to start doing these type of stuff |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| Sektor7 - Malware Development Advanced - Vol.1 | 425 | 43,469 |
3 hours ago Last Post: xdlol199485 |
||
| [Go] Using the recycle bin for stealthy persistence (Beginner tutorial) | 17 | 1,036 |
Yesterday, 11:13 PM Last Post: learn1 |
||
| [Sektor7] Full Recent Course | 31 | 820 |
Yesterday, 11:11 PM Last Post: learn1 |
||
| [ LIST ] 5 FREE STEALERS WITH PROS/CONS | 388 | 15,207 |
Yesterday, 10:49 PM Last Post: learn1 |
||
| Xordium stealer for Pulsar v2.4.5 | 26 | 1,082 |
Yesterday, 08:14 PM Last Post: Misanotnessa |
||
