SwishDbgExt
SwishDbgExt is a Microsoft WinDbg debugging extension that enhances debugging capabilities for kernel developers, troubleshooters, and security experts.
Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence

Over the last few weeks, I researched and tested a few interesting namespaces/methods documented on various Microsoft/MSDN sources that dealt with executing various COM scripts/scriptlets (e.g. VBScript, JScript, etc.). In particular, I was curious to see if there were potentially new ways to invoke remote scripts (ActiveX Objects) by leveraging some of the great research already performed and documented by @subTee, @Oddvarmoe, @ItsReallyNick, @KyleHanslovan, @ChrisBisnett, and @NickTyrer. There were some interesting findings, but the one that really stood out was the discovery of LaunchINFSection, a ‘new’ method to remotely launch staged SCT files configured within INF files.

In this post, we’ll discuss several known INF-SCT launch methods, introduce LaunchINFSection, and dive into use cases/defensive considerations. Additionally, we’ll reference other techniques for remote script/scriptlet execution.

INF-SCT Launch Methods

Methods for launching script component files (‘.sct’) via INF configuration files include InstallHinfSection (setupapi.dll), CMSTP, and LaunchINFSection (advpack.dll). Let’s dive in…

Malicious INF-SCT Usage with Infected INF Files
Copy executables with execute, but no read permission on Unix systems.
A collection of XSS payloads designed to turn alert(1) into P1
A tool to locally check for signs of a rootkit with various checks and tests.
A dataset release policy for the Android Malware Genome Project, requiring authentication and justification for access to the dataset.
A Python script that converts shellcode into a PE32 or PE32+ file.