Tuesday, December 7, 2021

WinBoot: This PoC illustrate different technique to successfully excute Mimikatz with process injection – Embed Mimikatz as C# class, Mimikatz is converted to shellcode and converted to 3 digits format, Each syscall is obfuscated, Use C# Console.WriteLine to masquerade intention

WinBoost

Execute Mimikatz with different technique.

This PoC illustrate different technique to successfully excute Mimikatz with process injection:

Embed Mimikatz as C# class, Mimikatz is converted to shellcode and converted to 3 digits format Each syscall is obfuscated Use C# Console.WriteLine to masquerade our intention

BEFORE COMPILING, IF ONE CHANGE SOURCE CODE, REMEMBER TO CHANGE: int idx = 0x4aa73; the idx represent the index where Mimikatz begins Compile as .dll use https://github.com…

Read More

Latest news
Related news