From 1a9fd12bdec5afe54c8dd90bcf669f7dc2f7515f Mon Sep 17 00:00:00 2001 From: pe3zx Date: Sun, 22 Aug 2021 17:48:10 +0700 Subject: [PATCH] Add: netbiosX/AMSI-Provider to Defense Evasion section --- Offensive.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Offensive.md b/Offensive.md index 8bf3805..92d4c0e 100644 --- a/Offensive.md +++ b/Offensive.md @@ -1159,6 +1159,10 @@ Some tools can be categorized in more than one category. But because the current nccgroup/demiguise HTA encryption tool for RedTeams + + netbiosX/AMSI-Provider + A fake AMSI Provider which can be used for persistence. + NotPrab/.NET-Obfuscator Lists of .NET Obfuscator (Free, Trial, Paid and Open Source ) @@ -1189,10 +1193,7 @@ Some tools can be categorized in more than one category. But because the current PwnDexter/SharpEDRChecker - Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs - metadata, common install directories, installed services and each service binaries metadata, installed - drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and - logging tools. + Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools. RedCursorSecurityConsulting/PPLKiller
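Review bot: In the first hunk (@@ -1159,6 +1159,10 @@), the added netbiosX/AMSI-Provider description reads "A fake AMSI Provider which can be used for persistence", which names a persistence technique, while the subject line files the entry under Defense Evasion. The hunk's context line already concedes that tools can fit more than one category, so either cross-list the entry under the persistence section as well, or extend the description to say why it belongs here. As written, a reader looking for AMSI provider registration abuse under persistence, for example to build detection coverage, will not find it.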
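Review bot: The second hunk (@@ -1189,10 +1193,7 @@) only rejoins the four-line PwnDexter/SharpEDRChecker description into a single line, which is unrelated to the change named in the subject and accounts for all 4 deletions in the diffstat. Move the reflow to its own commit so the history of the AMSI-Provider addition stays clean. If the line is being touched anyway, correct its wording in the same pass: "the each DLLs metadata", "each service binaries metadata" and "each drivers metadata" are missing possessives, and "AV's, EDR's" should be plain plurals.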