M
M
Malware Note
搜索文档…
M
M
Malware Note
1.0.0
恶意软件学习笔记
权限维持
服务
启动项
用户账户
DLL劫持
COM劫持
映像劫持
计划任务
WMI
Office
BITS Jobs
Rootkit
未分类
LOLBins
LOLBin
Take a Test
createdump.exe
sihclient.exe
change.exe
ftp.exe
tpmtool.exe
tar.exe
curl.exe
IMEWDBLD.exe
提权
Privileges
UAC Bypass
漏洞
错误配置
横向移动
WMI
RPC
DCOM
HASH
Kerberos tickets
文件结构
Office
LNK
PE
CHM
注入
注入
反分析
反虚拟机/沙盒
获取用户密码或hash
SMB
注入mstsc.exe
Mimikatz
NPLogonNotify
Tickets
进程链
启动进程
关闭杀软
关闭WD
AMSI
绕过AMSI
Dump内存
MiniDumpWriteDump
Shellcode
SilentProcessExit
procdump
Task Manager/Process Explorer
Sqldumper
comsvcs.dll
WinPmem
ProcessDump.exe
Dumpert
BSOD
PPLdump
Hibernation
木马分析
Stealer
Hidden Remote
常用工具
Untitled
鬼知道有什么用的小知识
鬼知道有什么用的小知识
GitBook 提供支持
反虚拟机/沙盒
c#(WMI检测内存):
using System;
using System.Management;
using System.Threading;
namespace Program
{
class Anti_Analysis
{
public static void RunAntiAnalysis()
{
if (isVM())
{
Environment.FailFast(null);
}
Thread.Sleep(1000);
}
public static bool isVM()
{
SelectQuery selectQuery = new SelectQuery("Select * from Win32_CacheMemory");
//SelectQuery selectQuery = new SelectQuery("Select * from CIM_Memory");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(selectQuery);
int i = 0;
foreach (ManagementObject DeviceID in searcher.Get())
i++;
return (i == 0);
}
}
}
c++(即插即用设备)
GitHub - LordNoteworthy/al-khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
GitHub
#include <Windows.h>
#include <iostream>
#include <string>
int main()
{
DISPLAY_DEVICE dd;
dd.cb = sizeof(dd);
int deviceIndex = 0;
while (EnumDisplayDevices(0, deviceIndex, &dd, 0))
{
std::wstring deviceName = dd.DeviceName;
int monitorIndex = 0;
while (EnumDisplayDevices(deviceName.c_str(), monitorIndex, &dd, 0))
{
int flag = strlen((const char*)dd.DeviceString);
if (flag > 2) {
std::wcout << "this is vm";
}
else
{
std::wcout << "this is not vm";
}
++monitorIndex;
}
++deviceIndex;
}
return 0;
}
GitHub - a0rtega/pafish: Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
GitHub
测试工具:
GitHub - LordNoteworthy/al-khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
GitHub
GitHub - a0rtega/pafish: Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
GitHub
注入 - 以前
注入
下一个 - 获取用户密码或hash
SMB
最近更新 1yr ago
复制链接