From 94708ac5d6dc7457d807e41bd146f5ed7dafb813 Mon Sep 17 00:00:00 2001
From: Oddvar Moe
Date: Thu, 23 Jan 2020 08:57:43 +0100
Subject: [PATCH] Added links to obfuscation technique from Sailay(valen) on rundll32
---
 yml/OSBinaries/Rundll32.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/yml/OSBinaries/Rundll32.yml b/yml/OSBinaries/Rundll32.yml
index d452cb6..2d1ad59 100644
--- a/yml/OSBinaries/Rundll32.yml
+++ b/yml/OSBinaries/Rundll32.yml
@@ -73,6 +73,8 @@ Resources:
 - Link: https://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/
 - Link: https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/
 - Link: https://bohops.com/2018/06/28/abusing-com-registry-structure-clsid-localserver32-inprocserver32/
+ - Link: https://github.com/sailay1996/expl-bin/blob/master/obfus.md
+ - Link: https://github.com/sailay1996/misc-bin/blob/master/rundll32.md
 Acknowledgement:
 - Person: Casey Smith
 Handle: '@subtee'
@@ -80,4 +82,6 @@ Acknowledgement:
 Handle: '@oddvarmoe'
 - Person: Jimmy
 Handle: '@bohops'
+ - Person: Sailay
+ Handle: '@404death'
 ---
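Review bot: The two `Link:` entries added under `Resources` point at `blob/master` in a third-party repository, so the content they resolve to can be edited, moved or deleted after this entry is merged. Pinning each to a commit permalink, e.g. `- Link: https://github.com/sailay1996/expl-bin/blob/<commit-sha>/obfus.md`, keeps the reference stable for readers who build rundll32 detections from it. The `Resources` list begins above the hunk, so whether the file already follows a convention for repository links is not visible here.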