Snippet List

Technique Language Author OS Creation Date
Indirect Memory Writing Delphi DarkCoderSc 4 weeks, 1 day
Debug Registers, Hardware Breakpoints Python MatteoLodi 1 month, 1 week
Detecting Virtual Environment Artefacts C weirdraven 1 month, 1 week
Checking Pipe C HoIIovv 1 month, 1 week
Detecting Online Sandbox C# Futex 1 month, 1 week
WMI Event Subscriptions PowerShell 1d8 6 months, 3 weeks
Adding antivirus exception Python Malfav.Win32 8 months, 1 week
System Binary Proxy Execution: Rundll32 Delphi DarkCoderSc 8 months, 4 weeks
Removing Commands from SELinux Audit Logs bash Unprotect 9 months, 1 week
Deleting Troubleshoot Information and Core Dumps bash Unprotect 9 months, 1 week
Manipulating Debug Logs bash Unprotect 9 months, 1 week
XProtect Encryption Abuse Python 9 months, 2 weeks
kernel flag inspection via sysctl Python fr0gger 9 months, 2 weeks
Exfiltration via SMTP C# Tasdir 9 months, 2 weeks
XBEL Recently Opened Files Check Python 1d8 9 months, 3 weeks
Virtualization/Sandbox Evasion: User Activity Based Checks Python 1d8 10 months, 3 weeks
Default Windows Wallpaper Check Golang 1d8 10 months, 3 weeks
Abusing the Return Pointer Assembly 0x_ror 11 months
Impossible Disassembly Rust Gelven 11 months, 1 week
Detecting Virtual Environment Process C++ 0x_ror 11 months, 1 week
Process Argument Spoofing Python Wietze 11 months, 1 week
Process Argument Spoofing C Wietze 11 months, 1 week
Event Triggered Execution: Linux Inotify Python 1d8 11 months, 1 week
API Hammering C++ 0x_ror 11 months, 1 week
Replication Through Removable Media Python 1d8 1 year
QEMU CPU brand evasion C++ kernelwernel 1 year, 1 month
bochs CPU oversights evasion C++ kernelwernel 1 year, 1 month
Impair Defenses: Disable Windows Event Logging PowerShell 0x0d4y 1 year, 2 months
Impair Defenses: Disable Windows Event Logging bash 0x0d4y 1 year, 2 months
AppInit DLL Injection C 1d8 1 year, 2 months
Filter
Clear