{
  "id": 23202,
  "date": "2024-11-12T11:25:03",
  "date_gmt": "2024-11-12T09:25:03",
  "guid": {"rendered": "https:\/\/rss.eground-zerkalo.com\/?p=23202"},
  "modified": "2024-11-12T11:25:03",
  "modified_gmt": "2024-11-12T09:25:03",
  "slug": "%d1%80%d0%b0%d0%b7%d1%80%d0%b0%d0%b1%d0%be%d1%82%d0%ba%d0%b0-%d0%bf%d1%80%d0%be%d0%b3%d1%80%d0%b0%d0%bc%d0%bc%d0%bd%d0%be%d0%b3%d0%be-%d0%be%d0%b1%d0%b5%d1%81%d0%bf%d0%b5%d1%87%d0%b5%d0%bd%d0%b8%d1%8f",
  "status": "publish",
  "type": "post",
  "link": "https:\/\/rss.eground-zerkalo.com\/?p=23202",
  "title": {"rendered": "Software Development for Offensive Security [Mr.Un1k0d3r]"},
  "content": {
    "rendered": "<p><b>Software Development for Offensive Security [Mr.Un1k0d3r]<\/b><br \/> 85 episodes of programming lessons on the following topics: <\/p>\n<ul>\n<li>Introduction to the toolset and core concepts.<\/li>\n<li>Introduction to assembly language programming and shellcoding core concepts.<\/li>\n<li>Shellcoding basics: Resolving Windows APIs using loaded modules LDR in the PEB and kernel32 GetProcAddress and LoadLibrary.<\/li>\n<li>Remote process injection using the PEB kernelcallbacktable manipulation and SendMessage API.<\/li>\n<li>Writing a custom shellcode encoder in assembly using key brute force and the MMX instruction set.<\/li>\n<li>Fooling the EDR using self-debugging and DLL loading events to manipulate loaded DLLs.<\/li>\n<li>Fileless lateral movement technique using Windows ServiceManager (SVCCTL) in C.<\/li>\n<li>Windows APIs EDR evasion using Nt* APIs and direct syscalls.<\/li>\n<li>Demystifying some C concepts.<\/li>\n<li>Generic process injection concepts in C and C#.<\/li>\n<li>C# execute .NET in memory to avoid touching the disk and C# AMSI trick.<\/li>\n<li>Attacking the EDR for fun and profit by removing the usermode hooks.<\/li>\n<li>C and C# evasion techniques to prevent sandbox execution.<\/li>\n<li>Basic Command &amp; Control (C2) over HTTP concept in C#.<\/li>\n<li>Hooking Windows APIs for fun and profit.<\/li>\n<li>Dropping your initial payload and phishing concepts.<\/li>\n<li>Cobalt Strike tricks and writing BOF files for Cobalt Strike.<\/li>\n<li>SPECIAL GUEST: @byt3bl33d3r is going to present some of his work regarding Nim.<\/li>\n<li>Windows Internals: useful APIs. Remote information gathering.<\/li>\n<li>Resolving syscalls dynamically.<\/li>\n<li>LDAP and the Windows Active Directory world.<\/li>\n<li>SPECIAL GUEST: @waldoirc Understanding ETW, API hooking, and malware analysis.<\/li>\n<li>Writing keyloggers using 2 different approaches.<\/li>\n<li>The Windows COM world.<\/li>\n<li>Linux shellcoding.<\/li>\n<li>Introduction to buffer overflows.<\/li>\n<li>Buffer overflow part 2: ROP gadgets.<\/li>\n<li>Revisiting ETW and AMSI bypass.<\/li>\n<li>PetitPotam and ADCS tricks for red teamers.<\/li>\n<li>C obfuscation for red teamers.<\/li>\n<li>SPECIAL GUEST: @snowscan &amp; Juan: Ansible &amp; Terraform automation. NO AUDIO<\/li>\n<li>Sandbox detection tricks.<\/li>\n<li>SPECIAL GUEST: @waldoirc Hooking Heaps and Living Free.<\/li>\n<li>Initial access payload: some macro tricks and the .NET AppDomain trick.<\/li>\n<li>SPECIAL GUEST: Cobalt Strike version 4.5 pre-release exclusive sneak peek presented by @joevest and Chris Thrope, who are both core developers of Cobalt Strike.<\/li>\n<li>Patching legitimate software to hide your payload (code cave).<\/li>\n<li>SPECIAL GUEST: Offensive PIC for red teamers presented by @thefLinkk.<\/li>\n<li>Demystifying the Import Address Table and Export Address Table.<\/li>\n<li>Update on evasion and unhooking.<\/li>\n<li>SPECIAL GUEST: Intro to Cobalt Strike Artifact Kit: Let&#039;s add some basic evasion capabilities for our Beacons. Presented by Istv\u00e1n T\u00f3th aka @an0n_r0.<\/li>\n<li>SPECIAL GUEST: ETW, more position independent shellcode and BRc4 @NinjaParanoid.<\/li>\n<li>Using mailslots instead of named pipes to hide from EDRs. IRP_MJ_CREATE_NAMED_PIPE vs IRP_MJ_CREATE_MAILSLOT. ETW provider attack to stop feeding at the source.<\/li>\n<li>The mystery of DLL side loading. Demystifying how to do it properly.<\/li>\n<li>Building your C2: introduction to preludesecurity.com.<\/li>\n<li>Reflective DLL loading.<\/li>\n<li>SPECIAL GUEST: Meterpreter&#039;s Railgun presented by @zerosteiner, the lead developer of the Metasploit Framework at Rapid7.<\/li>\n<li>The case of TrustedInstaller and some EDR tricks.<\/li>\n<li>MSBuild payload obfuscations and tricks.<\/li>\n<li>SPECIAL GUEST: Obfuscation with Nim and a Nim packer presented by @ShitSecure.<\/li>\n<li>Building an obfuscation framework to automate the obfuscation process in C#.<\/li>\n<li>Hunting for other SMB hash leakage vectors.<\/li>\n<li>Kill chain for ATP\/MDE: firewall, elevate, registry key manipulation, all in C.<\/li>\n<li>Implementing your own GetProcAddress and LoadLibrary as part of your loader by parsing the PEB.<\/li>\n<li>How to get started using Jenkins for CI\/CD &#8212; for offense &amp; defense. Presented by Jake.<\/li>\n<li>RPC R&amp;D style using impacket and MSDN documentation.<\/li>\n<li>The core concept of our C2 written in C#.<\/li>\n<li>C# invisible Cobalt Strike beacon in memory.<\/li>\n<li>Building your C2 in .NET Core part 1.<\/li>\n<li>Building your C2 in .NET Core part 2.<\/li>\n<li>Building your C2 in .NET Core part 3.<\/li>\n<li>Getting started with continuous security testing with preludesecurity.com. This session will introduce new concepts and technologies for continuous security testing.<\/li>\n<li>Building your C2 in .NET Core part 4.<\/li>\n<li>Building your C2 in .NET Core part 5.<\/li>\n<li>Building your C2 in .NET Core part 6.<\/li>\n<li>Building your C2 in .NET Core part 7.<\/li>\n<li>Building your C2 in .NET Core part 8.<\/li>\n<li>MSIL\/CIL obfuscation in C#. Obfuscating your code a level below.<\/li>\n<li>Adding features to our C2 such as payload obfuscation at rest and new handlers. Switch-case obfuscation trick preview.<\/li>\n<li>Browser is the new LSASS part 1. Getting the master key.<\/li>\n<li>Browser is the new LSASS part 2. Getting the cookie file.<\/li>\n<li>Browser is the new LSASS part 3. Getting the key remotely.<\/li>\n<li>Phishing vectors in 2023. Getting code execution on the target.<\/li>\n<li>Phishing vectors in 2023 part 2. Code obfuscation at rest.<\/li>\n<li>Santa secret sauce: phishing trick to pass reputation and hide your final payload. Special guest: Eqw5.<\/li>\n<li>Special guest: Waldo-IRC presents an introduction to thoughtful and simple debugging.<\/li>\n<li>Red teaming and reconnaissance: building your own C# utility to query LDAP.<\/li>\n<li>Azure for red team: token manipulation and device code phishing.<\/li>\n<li>Special guest: Kumo is presenting DevOps for red teamers.<\/li>\n<li>Initial access: all the techniques we covered and what is efficient against EDRs.<\/li>\n<li>Cobalt Strike and modern EDR evasion. The importance of BOFs, avoiding Fork &amp; Run and named pipes.<\/li>\n<li>C obfuscation using assembly and compiler shenanigans.<\/li>\n<li>Evading EDRs and honeypots. What do you need to evade them? Learning about EDR and honeypot capabilities.<\/li>\n<\/ul>\n<p>Language of instruction: English<\/p>\n",
    "protected": false
  },
  "excerpt": {
    "rendered": "<p>Software Development for Offensive Security [Mr.Un1k0d3r] 85 episodes of programming lessons on the following topics: Introduction to the toolset and core concepts. Introduction to assembly language programming and shellcoding core concepts. Shellcoding basics: Resolving Windows APIs using loaded modules LDR in the PEB and kernel32 GetProcAddress and LoadLibrary. Remote process injection using the PEB [&hellip;]<\/p>\n",
    "protected": false
  },
  "author": 1,
  "featured_media": 0,
  "comment_status": "closed",
  "ping_status": "open",
  "sticky": false,
  "template": "",
  "format": "standard",
  "meta": {"footnotes": ""},
  "categories": [2],
  "tags": [],
  "class_list": ["post-23202", "post", "type-post", "status-publish", "format-standard", "hentry", "category-rss"],
  "_links": {
    "self": [{"href": "https:\/\/rss.eground-zerkalo.com\/index.php?rest_route=\/wp\/v2\/posts\/23202", "targetHints": {"allow": ["GET"]}}],
    "collection": [{"href": "https:\/\/rss.eground-zerkalo.com\/index.php?rest_route=\/wp\/v2\/posts"}],
    "about": [{"href": "https:\/\/rss.eground-zerkalo.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],
    "author": [{"embeddable": true, "href": "https:\/\/rss.eground-zerkalo.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],
    "replies": [{"embeddable": true, "href": "https:\/\/rss.eground-zerkalo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=23202"}],
    "version-history": [{"count": 0, "href": "https:\/\/rss.eground-zerkalo.com\/index.php?rest_route=\/wp\/v2\/posts\/23202\/revisions"}],
    "wp:attachment": [{"href": "https:\/\/rss.eground-zerkalo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=23202"}],
    "wp:term": [
      {"taxonomy": "category", "embeddable": true, "href": "https:\/\/rss.eground-zerkalo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=23202"},
      {"taxonomy": "post_tag", "embeddable": true, "href": "https:\/\/rss.eground-zerkalo.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=23202"}
    ],
    "curies": [{"name": "wp", "href": "https:\/\/api.w.org\/{rel}", "templated": true}]
  }
}