Snippet List

Technique Language Author OS Creation Date
Adding antivirus exception Python Malfav.Win32 1 month, 1 week
System Binary Proxy Execution: Rundll32 Delphi DarkCoderSc 2 months
Removing Commands from SELinux Audit Logs bash Unprotect 2 months, 2 weeks
Deleting Troubleshoot Information and Core Dumps bash Unprotect 2 months, 2 weeks
Manipulating Debug Logs bash Unprotect 2 months, 2 weeks
XProtect Encryption Abuse Python 2 months, 2 weeks
kernel flag inspection via sysctl Python fr0gger 2 months, 2 weeks
Exfiltration via SMTP C# Tasdir 2 months, 3 weeks
XBEL Recently Opened Files Check Python 1d8 2 months, 3 weeks
Virtualization/Sandbox Evasion: User Activity Based Checks Python 1d8 3 months, 3 weeks
Default Windows Wallpaper Check Golang 1d8 3 months, 4 weeks
Abusing the Return Pointer Assembly 0x_ror 4 months
Impossible Disassembly Rust Gelven 4 months, 1 week
Detecting Virtual Environment Process C++ 0x_ror 4 months, 1 week
Process Argument Spoofing Python Wietze 4 months, 1 week
Process Argument Spoofing C Wietze 4 months, 1 week
Event Triggered Execution: Linux Inotify Python 1d8 4 months, 1 week
API Hammering C++ 0x_ror 4 months, 1 week
Replication Through Removable Media Python 1d8 5 months, 1 week
QEMU CPU brand evasion C++ kernelwernel 6 months, 4 weeks
bochs CPU oversights evasion C++ kernelwernel 7 months
Impair Defenses: Disable Windows Event Logging PowerShell 0x0d4y 7 months, 2 weeks
Impair Defenses: Disable Windows Event Logging bash 0x0d4y 7 months, 2 weeks
AppInit DLL Injection C 1d8 7 months, 2 weeks
Hide Artifacts: Hidden Window C 1d8 7 months, 2 weeks
VboxEnumShares C++ HoIIovv 7 months, 2 weeks
Odd Thread Count C++ kernelwernel 7 months, 2 weeks
Hyper-V Signature C++ kernelwernel 7 months, 2 weeks
NtDelayExecution C d4rksystem 7 months, 2 weeks
APC injection FASM32 DarkCoderSc 10 months, 1 week
Filter
Clear