malware development

Exploiting suo and csproj files recently gained attention, used in attacks on Cybersecurity researchers. We found another way

We created a custom reverse shell from scratch and made it persistent - the result is scary, to say the least.

As promissed, we continue executing code using rundll32 on a fully updated system.

Today we're looking at one of the most simple evasions - it's always fascinating to wittness the beauty of traditional hacking exploration methods working to their full extend. The rundll32.exe comma bypass is one of these examples.