[Vapulame]

I used WMI Event Subscription back then
Nowadays I go for obscure shit that there is no chance someone writes a detection rule for.

https://wikileaks.org/ciav7p1/cms/page_14587908.html

u fed bruh? 

hahahah lol u got him

[Nevertheless]

I used WMI Event Subscription back then
Nowadays I go for obscure shit that there is no chance someone writes a detection rule for.

Shit that sounds cool as hell, any tips of where to begin writing my own custom shit? Like to don't need ro rely on already used techniques. Im kinda clueless on where to start doing these type of stuff

Well, if you want to have an original persistence technique, you should look into how Windows works (what it loads at startup, where, how, etc...)
A good start would be to look at file / reg events using Sysmon for example

---

I used WMI Event Subscription back then
Nowadays I go for obscure shit that there is no chance someone writes a detection rule for.

https://wikileaks.org/ciav7p1/cms/page_14587908.html

u fed bruh? 

:flushed:

[0xAAAAAAAA]

Scheduled tasks, Run keys, and Steam's installscript.vdf

[dll]

dll proxying plus some anti-analysis techniques like self-deletion modifying $DATA.

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Self-Ban | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you wish to be unbanned in the future.