I'm giving a remote presentation to the BSD masochists/users in New York City in an hour about weird code injection techniques on #FreeBSD

https://www.nycbug.org/media/March2026NYCBUG_Notice_of_Meeting.pdf

Jitsi meeting link: https://jitsi.sdf.org/NYCBUG-2026-03-04_01

YouTube stream: https://www.youtube.com/watch?v=QfGdMrmy0jw

#infosec #HardenedBSD #MalwareDevelopment #MalDev

Vectored Exception Handling² in Rust: when exceptions become control flow #maldev #red_team #rust #windows
https://www.hackplayers.com/2025/12/vectored-exception-handling2-en-rust.html

On Windows, exceptions are usually understood as a defensive mechanism: something went wrong, the system interrupts execution and, with luck,...

MalDev Myths

New here 👋🏻. Looking forward to connecting with other malware development/red teaming enthusiasts, as well as with nice interesting people in general. Still trying to get the hang of Mastodon, sorry if it shows 😂

#Introductions #pleaseboost #maldev #redteam #infosec #malware


HInvoke and avoiding PInvoke | drakonia’s blog

On my research list: HInvoke and avoiding PInvoke | drakonia’s blog.

A very minimalistic approach to calling .NET runtime functions or accessing properties using only hashes as identifiers. It does not leave any strings or import references, since the required member is resolved dynamically from the mscorlib assembly at runtime.

The underlying code is at S4ntiagoP/donut: Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters.

It is being used by Convert binary to a shellcode with donut and create a C# self injector from it via a combo of “Dynamic P/Invoke + H/Invoke” calls.

Related are:

  • the Windows PE (Portable Executable) loader for .NET: nettitude/RunPE: C# Reflective loader for unmanaged binaries.
  • the daem0nc0re/TangledWinExec: C# PoCs for investigation of Windows process execution techniques
  • Via:

    –jeroen


    #CyberSecurity #dinvoke #hinvoke #infosec #maldev #pentest #Pentesting #redteam

    Merry Christmas, have another Windows maldev blog: writing migratory payloads. Learn the secret to disappearing from your mouse and reappearing inside explorer.exe! https://amethyst.systems/blog/posts/writing-migratory-payloads/ #infosec #malware #maldev
    Writing Migratory Payloads

    Hi. I’m procrastinating again, but this time it’s related to the project I’m procrastinating. And according to a well respected hacker, this is a functional way to be productive. So you, the reader, benefit from everything. Besides, the deadline for the Phrack CFP isn’t for another few months, so I’ve got time. (Famous last words.) First of all, what the hell do I mean by migratory payload? That’s not a term in MITRE ATT&CK! In more technical terms, when I say “migratory payload,” I am referring to executables that can otherwise occupy the space of another executable after existing and operating in another state. Think of an executable that runs away from your mouse and injects itself into explorer.exe after you double-click it. It relies ultimately on process injection, which is a slightly different but similar technique to DLL injection. MITRE can be fun to rag on but they host a useful technical compendium.


    @amethyst Yo I saw this last week and meant to reply but totally forgot until now!!

    You might enjoy:

    #malware #rustlang #reverseengineering #maldev #infosec

    GitHub - cxiao/rust-malware-gallery: A collection of malware families and malware samples which use the Rust programming language.


    Rust for Malware Development

    This repository offers Rust practices and resources focused on malware development.

    https://github.com/Whitecat18/Rust-for-Malware-Development

    #rust #maldev
