Endpoint Adversary Defense Evasion - In-Memory AV Evasion | CTF导航
Common Information
Type Value
UUID 6edb0fed-fbaf-4a20-8ec5-42c809aef1b5
Fingerprint 6782970d344ad5a2
Analysis status DONE
Considered CTI value -2
Text language
Published Nov. 6, 2024, midnight
Added to db Nov. 14, 2024, 6:12 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Endpoint Adversary Defense Evasion - In-Memory AV Evasion
Title Endpoint Adversary Defense Evasion - In-Memory AV Evasion | CTF导航
Detected Hints/Tags/Attributes 18/1/22
Source URLs
RSS Feed
Id   Enabled  Feed title  Url                          Added to db
426           CTF导航     https://www.ctfiot.com/feed  2024-08-30 22:08
Attributes
Type             #Events  Value
Domain           4128     github.com
Domain           43       file.read
Domain           83       xz.aliyun.com
Domain           1        www.vaadata.com
Domain           1        avantguard.io
Domain           2        dtsec.us
File             1        gpumemoryabuse.cpp
File             1        testoop.exe
File             1        noptest.exe
File             1        c:\users\administrator\desktop\payload.bin
File             1        noptest.exe (without this technique)
File             1        testoop.exe (with this technique)
Github username  4        mgeeky
Github username  2        vxunderground
Github username  4        dec0ne
Url              1        https://github.com/mgeeky/threadstackspoofer/tree/master
Url              1        https://github.com/vxunderground/vxug-papers/blob/main/gpumemoryabuse.cpp
Url              1        https://xz.aliyun.com/t/14310?time__1311=gqaxud9qgqkxlxggx
Url              1        https://www.vaadata.com/blog/antivirus-and-edr-bypass-techniques
Url              1        https://avantguard.io/en/blog/overload-mapping-vs.-memory-scanners
Url              2        https://github.com/dec0ne/hwsyscalls
Url              1        https://dtsec.us/2023-09-15-stackspoofin