PE with spoofed sections

An undocumented trick to embed executable code within (what appears to be) a read-only PE section. The proof-of-concepts described above involve appending the payload to the end of the NT headers, but it is also possible to embed executable code within the headers.

Nice, x86matthew. Ping @siri_urz

secret.club/2023/06/05/spoof-p

  • sample: https://secret.club/assets/pe_section_spoof/pe_section_spoof.zip