From b27c6b31f17b96184cf7b4d0b762a582e3041aca Mon Sep 17 00:00:00 2001 From: ae Date: Fri, 6 Sep 2024 13:30:35 +0300 Subject: [PATCH] fix: update links to project repos --- content/blog/understanding-srdi.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/blog/understanding-srdi.md b/content/blog/understanding-srdi.md index a80a172..564b146 100644 --- a/content/blog/understanding-srdi.md +++ b/content/blog/understanding-srdi.md @@ -23,7 +23,7 @@ Implementing a reflective loader myself provided a great insight into PE files a ## Implementation -The complete implementation can be found from [the Github repository](https://github.com/17ms/airborne). The following explanations focus on the loader itself as the supporting components (process injector, shellcode generator, and payload) are basically just pasted from existing implementations mentioned in the [references](#references). +The complete implementation can be found from [the Gitea repository](https://umbrella.haus/ae/airborne). The following explanations focus on the loader itself as the supporting components (process injector, shellcode generator, and payload) are basically just pasted from existing implementations mentioned in the [references](#references). The following helper functions are utilized to make the RVA calculations a bit easier to read: 
@@ -656,7 +656,7 @@ As hinted in the previous sections, the loader utilizes a few trivial obfuscatio - XOR encrypted payload shellcode - Unique key generated during shellcode generation -If we take a look at the whole [repository](https://github.com/17ms/airborne), we can identify the PoC injector (utilizing plain `CreateRemoteThread`) as quite apparent weak link in the chain. Projects like [BypassAV by matro7sh](https://github.com/matro7sh/BypassAV) display a variety of a lot better techniques, if one is interested in improving in that area: +If we take a look at the whole [repository](https://umbrella.haus/ae/airborne), we can identify the PoC injector (utilizing plain `CreateRemoteThread`) as quite apparent weak link in the chain. Projects like [BypassAV by matro7sh](https://github.com/matro7sh/BypassAV) display a variety of a lot better techniques, if one is interested in improving in that area:
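Review bot: In the first hunk (`@@ -23,7 +23,7 @@`), the new link text "the Gitea repository" names the hosting platform, so the sentence will need another edit on the next migration. Platform-neutral text such as `[the project repository](https://umbrella.haus/ae/airborne)` would avoid that. The commit subject describes a link update only, while this line also changes the visible wording, so the message could say so.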
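Review bot: In the second hunk (`@@ -656,7 +656,7 @@`), `https://umbrella.haus/ae/airborne` is hardcoded a second time in the same file. A Markdown reference-style link (`[repository][airborne]` in both places, with a single `[airborne]: https://umbrella.haus/ae/airborne` definition) would keep the two mentions in sync on the next move. The BypassAV link on the same line still points at github.com, which looks intentional for a third-party project, but please confirm that no other `github.com/17ms/airborne` reference remains in the post outside these two hunks.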