Security vanguards at SonicWall have unmasked a nascent campaign disseminating the VioletRAT malware. This offensive orchestrates a multi-tiered delivery sequence and a sophisticated Python-based code injection paradigm. The adversaries employ several stages of clandestine...
Security practitioners have identified an evolved iteration of the Kazuar loader, a tool wielded by the prolific Turla threat collective. This modular implant facilitates the circumvention of Windows security mechanisms without altering system files,...
Founding is a tool that processes shellcode in .bin, .exe, or .dll formats, applying advanced obfuscation or encryption techniques to generate stealthy binaries with sophisticated execution methods. Features Core Features (Applied in Every Compilation) Dynamic API Hashing Generates unique hash values...
Within cybercriminal circles, the emergence of a new command-and-control framework known as Weyhro C2 has been observed. Its promotion coincides with the activity of a ransomware group bearing the same name, suggesting an effort...
A newly released open-source project has drawn the attention of the technical community for its attempt to circumvent modern workstation protection mechanisms. A developer using the alias hwbp has published a framework called LazyHook...
EByte-AMSI-ProxyInjector A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It suspends the target’s threads, patches the function to always return...
A new wave of attacks leveraging the XWorm malware vividly illustrates how far threat actors have advanced in crafting tools that are both resilient to detection and resistant to analysis. The variant identified by...
This technique exploits the COM-level mechanics AMSI uses when delegating scan requests to antivirus (AV) providers through RPC. By hooking into the NdrClientCall3 function—used internally by the RPC runtime to marshal and dispatch function...
AMSI Bypass via VEH A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification. How it works: For...
