We made the bold claim that all AMSI evasions still work. But is that really true? Come along for the ride.
We created a custom reverse shell from scratch and made it persistent - the result is scary, to say the least.
I once made some architecture visualisations - maybe this is a chance to explain how they came to life and how I discovered that all evasions still work fine.
As promised, we continue executing code using rundll32 on a fully updated system.
Today we're looking at one of the simplest evasions - it's always fascinating to witness the beauty of traditional hacking exploration methods working to their full extent. The rundll32.exe comma bypass is one of these examples.