Skip to content

DamonMohammadbagher/eBook_Bypassing-Antiviruses-by-C-Programming-v2.0

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

eBook Bypassing Antiviruses by C# Programming v2.0

Persian Edition

Published by damon mohammadbagher

ebook "Bypassing Anti Viruses by C# Programming v2.0 (Persian Edition)

مخاطبین کتاب افراد تیم قرمز و آبی و تست نفوذ می باشند

افرادی می خواهند کتاب را خریداری کنند از طریق

LinkedIn : https://lnkd.in/g7X6HfY5

or email : [email protected]

در خواست خود را با ایمیل خود را اعلام کنند تا مراحل خرید کتاب را دریافت کنند

قیمت خرید کتاب: ۳/۵۰۰/۰۰۰ تومان می باشد

کتاب همانند یک دوره آموزشی می باشد و تقریبا تمامی موارد درون آن جدید میباشند بالای ۳۰ کد سی شارپ در کتاب وجود دارد

more than 30 C# codes/techniques in book

video chapter 3 of ebook => https://www.youtube.com/watch?v=j1rc5G99vwA

video chapter 3.4 of ebook => https://www.youtube.com/watch?v=Jdna6sxsTuM

video chapter 4.2 of ebook => https://www.youtube.com/watch?v=61czPWFhR6o

video chapter 4.2 of ebook (Part-2) => https://www.youtube.com/watch?v=w-3BizF9HYM

video chapter 9.2 of ebook => https://www.youtube.com/watch?v=BqErFhZqxpA

video chapter 10 of ebook => https://www.youtube.com/watch?v=26ZBx5fw25s

video 2 chapter 10 of ebook [detecting EKKO TEchnique by blue team c# codes] link1 => https://www.youtube.com/watch?v=TMQJ7jMbgQk

video 2 chapter 10 of ebook [detecting EKKO TEchnique by blue team c# codes] link2 => https://www.aparat.com/v/GtMIi

Table of Contents

Chapter 1 	- 	Encryption & Decryption for Payloads

1.1 Simple Method for Execute Native Code in Memory via API Programming
    CreateThread/WriteProcessMemory/VirtualAlloc etc.
1.2 Encryption and Decryption for payloads via RC4
    RC4 Encryption by C# & metasploit payloads.
1.3 Encryption and Decryption for Payload of Suspended Thread via XOR
    Talking about Xor Encryption by C# & VirtualAllocExNuma , VirtualAlloc2 and decryption in-memory for threads + metasploit payloads.

Chapter 2 	- 	Executing Native Codes in Local Process

2.1 Local Thread Injection Classic Method and Indirect/Direct Technique D
    Talking about Marshal methods in C# like Marshal.GetDelegateForFunctionPointer and invoking C# codes in-memory via new method called "Technique D", bypassing kaspersky with last updates & windows defender
2.2 QueueUserAPC API Methods and Indirect/Direct Technique D
    Talking about some windows Apis like QueueUserAPC + Technique D
2.3 QueueUserAPC Classic Method
    Talking about classic QueueUserAPC in remote process & Windows API Monitor tool + NtQueueAPCThread

Chapter 3 	- 	Executing Native Codes in Local Process (Part2)

3.1 Simple Method for Execute Native Code in Memory + JMP Method 1
    Talking about Jump OpCode 0xE9 + jumping between payloads in-memory sections and bypassing windows defender
3.2 Simple Method for Execute Native Code in Memory + Delegate Method + JMP Method 1
    Talking about Jump OpCode 0xE9 + jumping between payloads in-memory sections + using C# Delegate Tricks instead using CreateThread Api + memory Protection modes and bypassing windows defender
3.3 Simple Method for Execute Native Code in Memory + Delegate Method + JMP Method 1 [Part2]
    Talking about Jump OpCode 0xE9 + jumping between payloads in-memory sections + using C# Delegate Tricks instead using CreateThread Api + marshal.writebyte and bypassing windows defender
3.4 Indirect Call C# Methods in Memory via Reflection.Emit Jump Method
    Talking about new method to indirect call C# codes via reflection.emit class + new jump method via Emit & opcode.jmp + bypassing windows defender
3.5 Running C# Managed Codes in Memory via CreateThread API
    Talking about call C# method via CreateThread API directly without calling c# methods in code + bypassing windows defender

Chapter 4 	- 	Executing Native Codes in Local Process (Part3)

4.1 New Approach with New APIs to Execute Payloads in Memory + Async Method and Bypassing Kaspersky
    Using New APIs instead old APIs with simple Async C# Method and Bypassing Kaspersky
4.2 Indirect Invoke C# Delegate + JMP Method 2
    New Jump Method + Indirect Invoke C# Delegate and bypassing Kaspersky
4.3 Chunking CobaltStrike Payloads + Jump Method and Bypassing Kaspersky
    Chunking Payload Method in-memory and bypassing Kaspersky

Chapter 5 	- 	Executing Native Code in Remote Process

5.1 Remote Thread Injection (Classic)
    Old Remote Injection Method (classic method)
5.2 Remote Thread Injection + Delegate Method and bypassing Defender
    Remote Injection + C# Delegate Method and Bypassing Windows Defender without Importing CreateRemoteThread or VirtualAllocEx APIs etc
5.3 Remote Thread Injection + Jump Method and Bypassing Kaspersky + Defender
    New Method for Remote Injection + Jump Method, Importing CreateRemoteThread API and bypass AVs like Kaspersky + windows Defender

Chapter 6 	- 	[X technique] via Extension Methods in C#

6.1 X Technique, Changing Codes via Extension Method
    New Method for changing source code without changing result of code by C# eXtensions

Chapter 7 	- 	Sliver C2 and your Csharp Codes

7.1 When Sliver C2 Payloads is Good to Use , When is not?
    Talking about New C2 Server Sliver-c2 and two examples for C#
7.2 Sliver-C2 Beacon with mTLS Payloads
    Using Beacons mode via Sliver-C2 payloads and mtls traffic + C#
7.3 Sliver-C2 Beacon with Https Payloads
    Using Beacons mode via Sliver-C2 payloads and https traffic + C#
7.4 Using Resource for Hardcoding Big Sliver-C2 Payloads
    Hardcoding Payloads in Csharp via Resources
7.5 C# Code for Encrypting Sliver-C2 Bin Files
    Talking about Xor method for encrypting C2 Payload files
7.6 Beacon Connections and Active Connections in Sliver-C2
    Talking about Beacon Mode Connections and Interactive Connections
7.7 Bypassing ETW and Execute .NET Assembly Codes
    Talking About Bypassing ETW/AMSI and Execute .NET Codes Inside Target Process

Chapter 8 	- 	Native CallBack Functions by C#

8.1 Native CallBack Functions by C#
    Windows Callback Function in C# and Async Call C# Methods via Callback Functions

Chapter 9 	- 	Compiling and Running Managed Codes In-Memory by C#

9.1 Running C# Managed Codes In-Memory by C#
    Running C# Assemblies/Exe Inside Another Managed Process by C#
9.2 Running C# Managed Codes In-Memory by C# , Part2
    Running C# Assemblies/Exe Inside Another Managed Process + Encrypting Exe Files over http Traffic
9.3 Compiling C# Source Codes In-Memory by C#
    Compiling/Running C# Source Codes Inside Another Managed Process

Chapter 10 	- 	Detecting Memory Allocation in-memory via ETW Events (Blue team)

10.1 ETW and VirtualMemAlloc Events
    Payload Detection via ETW VirtualMemAlloc Events, using ETWProcessMon.cs + VirtualMemAllocMon.cs codes
10.2 ETW and VirtualMemAlloc Events , Part2
    Payload Detection via ETW VirtualMemAlloc Events, using ETWProcessMon.cs + VirtualMemAllocMon.cs codes
10.3 ETW and VirtualMemAlloc Events , Part3
    Payload Detection via ETW VirtualMemAlloc Events, Step by step using VirtualMemAllocMon.cs codes

Chapter 11 	- 	Detecting Threats in-memory via other ETW Events (Blue team)

11.1 ETW ImageLoads and TCPIP Events for Detecting Threats In-Memory
    Using ETW DLL Loads Event or ImageLoads Events + TCPIP Send Events to Detect Threats
11.2 Detecting Remote Thread Injection and Monitoring Windows Events Log by C#
    Remote Thread Injection Detection in-memory + Creating Windows Event Logs and Monitoring them