DamonMohammadbagher/eBook_Bypassing-Antiviruses-by-C-Programming-v2.0

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

eBook Bypassing Antiviruses by C# Programming v2.0

Persian Edition

Published by Damon Mohammadbagher

ebook "Bypassing Anti Viruses by C# Programming v2.0 (Persian Edition)"

The book's audience is red team, blue team and penetration testing people.

People who want to purchase the book can do so via

LinkedIn : https://lnkd.in/g7X6HfY5

or email : [email protected]

Send your request from your own email address and you will receive the steps for purchasing the book.

Book price: 3,500,000 Toman

The book is structured like a training course, and almost everything in it is new; it contains more than 30 C# code samples.

More than 30 C# code samples/techniques in the book.

video chapter 3 of ebook => https://www.youtube.com/watch?v=j1rc5G99vwA

video chapter 4.2 of ebook => https://www.youtube.com/watch?v=61czPWFhR6o

video chapter 4.2 of ebook (Part-2) => https://www.youtube.com/watch?v=w-3BizF9HYM

video chapter 9.2 of ebook => https://www.youtube.com/watch?v=BqErFhZqxpA

video chapter 10 of ebook => https://www.youtube.com/watch?v=26ZBx5fw25s

video 2 chapter 10 of ebook [detecting Ekko technique by blue team C# codes] link1 => https://www.youtube.com/watch?v=TMQJ7jMbgQk

video 2 chapter 10 of ebook [detecting Ekko technique by blue team C# codes] link2 => https://www.aparat.com/v/GtMIi

Table of Contents

Chapter 1 - Encryption & Decryption for Payloads

1.1 Simple Method to Execute Native Code in Memory via API Programming
    CreateThread/WriteProcessMemory/VirtualAlloc etc.
1.2 Encryption and Decryption for Payloads via RC4
    RC4 encryption in C# with Metasploit payloads.
1.3 Encryption and Decryption for the Payload of a Suspended Thread via XOR
    XOR encryption in C#; VirtualAllocExNuma and VirtualAlloc2; in-memory decryption for threads, with Metasploit payloads.

Chapter 2 - Executing Native Code in a Local Process

2.1 Local Thread Injection, Classic Method and Indirect/Direct Technique D
    Marshal methods in C# such as Marshal.GetDelegateForFunctionPointer, and invoking C# code in memory via a new method called "Technique D"; bypasses Kaspersky (with latest updates) and Windows Defender.
2.2 QueueUserAPC API Methods and Indirect/Direct Technique D
    Windows APIs such as QueueUserAPC, combined with Technique D.
2.3 QueueUserAPC Classic Method
    Classic QueueUserAPC in a remote process, the Windows API Monitor tool, and NtQueueApcThread.

Chapter 3 - Executing Native Code in a Local Process (Part 2)

3.1 Simple Method to Execute Native Code in Memory + JMP Method 1
    Jump opcode 0xE9, jumping between payload sections in memory, and bypassing Windows Defender.
3.2 Simple Method to Execute Native Code in Memory + Delegate Method + JMP Method 1
    Jump opcode 0xE9, jumping between payload sections in memory, using C# delegate tricks instead of the CreateThread API, memory protection modes, and bypassing Windows Defender.
3.3 Simple Method to Execute Native Code in Memory + Delegate Method + JMP Method 1 [Part 2]
    Jump opcode 0xE9, jumping between payload sections in memory, using C# delegate tricks instead of the CreateThread API, Marshal.WriteByte, and bypassing Windows Defender.
3.4 Indirect Call of C# Methods in Memory via the Reflection.Emit Jump Method
    A new method to indirectly call C# code via the Reflection.Emit class, a new jump method via Emit and OpCodes.Jmp, and bypassing Windows Defender.
3.5 Running C# Managed Code in Memory via the CreateThread API
    Calling a C# method via the CreateThread API directly, without calling C# methods from code, and bypassing Windows Defender.

Chapter 4 - Executing Native Code in a Local Process (Part 3)

4.1 New Approach with New APIs to Execute Payloads in Memory + Async Method, Bypassing Kaspersky
    Using new APIs instead of old ones with a simple async C# method, and bypassing Kaspersky.
4.2 Indirect Invoke of a C# Delegate + JMP Method 2
    New jump method, indirect invocation of a C# delegate, and bypassing Kaspersky.
4.3 Chunking Cobalt Strike Payloads + Jump Method, Bypassing Kaspersky
    Chunking a payload in memory, and bypassing Kaspersky.

Chapter 5 - Executing Native Code in a Remote Process

5.1 Remote Thread Injection (Classic)
    The old (classic) remote injection method.
5.2 Remote Thread Injection + Delegate Method, Bypassing Defender
    Remote injection with the C# delegate method, bypassing Windows Defender without importing CreateRemoteThread, VirtualAllocEx, etc.
5.3 Remote Thread Injection + Jump Method, Bypassing Kaspersky + Defender
    New remote injection method with the jump method; imports the CreateRemoteThread API and bypasses AVs such as Kaspersky and Windows Defender.

Chapter 6 - [X Technique] via Extension Methods in C#

6.1 X Technique, Changing Code via Extension Methods
    A new method for changing source code without changing its result, using C# extension methods.

Chapter 7 - Sliver C2 and Your C# Code

7.1 When Are Sliver C2 Payloads Good to Use, and When Are They Not?
    The new C2 server Sliver C2, with two C# examples.
7.2 Sliver C2 Beacon with mTLS Payloads
    Beacon mode via Sliver C2 payloads with mTLS traffic, in C#.
7.3 Sliver C2 Beacon with HTTPS Payloads
    Beacon mode via Sliver C2 payloads with HTTPS traffic, in C#.
7.4 Using Resources to Hardcode Large Sliver C2 Payloads
    Hardcoding payloads in C# via resources.
7.5 C# Code for Encrypting Sliver C2 Bin Files
    The XOR method for encrypting C2 payload files.
7.6 Beacon Connections and Active Connections in Sliver C2
    Beacon-mode connections and interactive connections.
7.7 Bypassing ETW and Executing .NET Assembly Code
    Bypassing ETW/AMSI and executing .NET code inside a target process.

Chapter 8 - Native Callback Functions in C#

8.1 Native Callback Functions in C#
    Windows callback functions in C#, and asynchronously calling C# methods via callback functions.

Chapter 9 - Compiling and Running Managed Code In-Memory with C#

9.1 Running C# Managed Code In-Memory with C#
    Running C# assemblies/executables inside another managed process with C#.
9.2 Running C# Managed Code In-Memory with C#, Part 2
    Running C# assemblies/executables inside another managed process, plus encrypting executable files sent over HTTP traffic.
9.3 Compiling C# Source Code In-Memory with C#
    Compiling and running C# source code inside another managed process.

Chapter 10 - Detecting Memory Allocation In-Memory via ETW Events (Blue Team)

10.1 ETW and VirtualMemAlloc Events
    Payload detection via ETW VirtualMemAlloc events, using the ETWProcessMon.cs and VirtualMemAllocMon.cs code.
10.2 ETW and VirtualMemAlloc Events, Part 2
    Payload detection via ETW VirtualMemAlloc events, using the ETWProcessMon.cs and VirtualMemAllocMon.cs code.
10.3 ETW and VirtualMemAlloc Events, Part 3
    Payload detection via ETW VirtualMemAlloc events, step by step, using the VirtualMemAllocMon.cs code.

Chapter 11 - Detecting Threats In-Memory via Other ETW Events (Blue Team)

11.1 ETW ImageLoad and TCPIP Events for Detecting Threats In-Memory
    Using ETW DLL load (ImageLoad) events and TCPIP send events to detect threats.
11.2 Detecting Remote Thread Injection and Monitoring the Windows Event Log with C#
    Detecting remote thread injection in memory, plus creating Windows event log entries and monitoring them.