WinBoot: This PoC illustrate different technique to successfully excute Mimikatz with process injection – Embed Mimikatz as C# class, Mimikatz is converted to shellcode and converted to 3 digits format, Each syscall is obfuscated, Use C# Console.WriteLine to masquerade intention

November 9, 2021

Updated: November 9, 2021

WinBoost

Execute Mimikatz with different technique.

This PoC illustrate different technique to successfully excute Mimikatz with process injection:

Embed Mimikatz as C# class, Mimikatz is converted to shellcode and converted to 3 digits format Each syscall is obfuscated Use C# Console.WriteLine to masquerade our intention

BEFORE COMPILING, IF ONE CHANGE SOURCE CODE, REMEMBER TO CHANGE: int idx = 0x4aa73; the idx represent the index where Mimikatz begins Compile as .dll use https://github.com…

WinBoot: This PoC illustrate different technique to successfully excute Mimikatz with process injection – Embed Mimikatz as C# class, Mimikatz is converted to shellcode and converted to 3 digits format, Each syscall is obfuscated, Use C# Console.WriteLine to masquerade intention

Raven – Advanced Cyber Threat Map (Simplified, Customizable, Responsive)

Free Micropatches for “RemotePotato0”, a “WON’T FIX” Local Privilege Escalation Affecting all Windows Systems

ParallelNimcalls: Nim version of MDSec’s Parallel Syscall PoC

AlphaGolang – IDApython Scripts For Analyzing Golang Binaries

Editor Picks

Hunting for samAccountName Spoofing (CVE-2021–42278) & Domain Controller Impersonation

Introducing VirusTotal Collections

Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again

Must read

Free Micropatches for “RemotePotato0”, a “WON’T FIX” Local Privilege Escalation Affecting all Windows Systems

ParallelNimcalls: Nim version of MDSec’s Parallel Syscall PoC

AlphaGolang – IDApython Scripts For Analyzing Golang Binaries

Popular categories