/tags/malware-development/ Recent content in Malware-Development on Vanilla InfoSec Hugo -- gohugo.io en Wed, 13 May 2026 00:00:00 +0000 /posts/belphc2---jitter-logic-and-chaos-theory/ Wed, 13 May 2026 00:00:00 +0000 /posts/belphc2---jitter-logic-and-chaos-theory/ BelphC2 - Jitter Logic and Chaos Theory Disclaimer Is this necessary? Probably not… Do I find this cool and do I want to blab about it? Yes! Introduction to Jittering While developing BelphC2’s polling behavior, I had to decide how to generate seemingly random jittering values. Most post exploitation frameworks implement some form of a jitter. The term “jitter” refers to how a post exploitation framework’s beacon/implant manages its communication or ‘polling’ intervals. /posts/introduction-to-process-injection---a-primer-on-the-theory/ Thu, 16 Apr 2026 00:00:00 +0000 /posts/introduction-to-process-injection---a-primer-on-the-theory/ What is Process Injection? In essence, process injection involves: Inserting a block of code (usually shellcode) into the memory space of a process. Process injection is a means to an end for evading on disk detection. Instead of executing malicious code directly via a PE file or script (which could more easily be caught on disk by antivirus or EDR), the code is injected into process memory. While by no means is this a reliably stealthy on its own, it is a fundamental concept needed to be understood before developing more advanced execution workflows. /posts/remote-thread-injection---writing-a-powershell-shellcode-loader/ Thu, 16 Apr 2026 00:00:00 +0000 /posts/remote-thread-injection---writing-a-powershell-shellcode-loader/ Process Injection in Practice: PowerShell Remote Thread Injection In the previous article, we explored what exactly process injection is, why it is used, and how blue teams attempt to detect it. In this post, we move from theory into practice by walking through a real-world example of the classic Remote Thread Injection technique, implemented using PowerShell. This example is intentionally straightforward and educational. It does not attempt to evade EDR, bypass AMSI, or conceal behavior whatsoever. /posts/belphc2---dumping-passwords-out-of-web-browsers/ Sun, 01 Mar 2026 00:00:00 +0000 /posts/belphc2---dumping-passwords-out-of-web-browsers/ Save password..? Yes It feels like web browsers have accidentally become credential vaults? Mainly because… Well we typically hit “save password” when prompted: Admittedly, without much prior thought! Credentials for: Email accounts. Banking logins. Corporate VPN credentials. Cloud dashboards. Developer secrets. Session tokens. But there’s an important detail here in regards to how these browsers secure credentials in default configurations: Browser password managers are often designed to protect data at rest, not necessarily protect data from the logged-in user context itself. /posts/rust-malware-development---linux-keylogger/ Thu, 04 Sep 2025 00:00:00 +0000 /posts/rust-malware-development---linux-keylogger/ Overview Keyloggers remain a valid TTP for offering deep insight into user behavior. I wanted to write one in Rust aiming for a binary that was memory-safe and efficient (I’m really just learning Rust because it’s trendy and my coworkers like using it). We will be leveraging the evdev interface — the Linux kernel’s raw input event device system. This gives us direct, low-noise access to keystroke events from /dev/input/event*