├── Detection
    ├── Fermion_MapModuleToMemory.js
    ├── Fermion_SharpSploit_MapModuleToMemory.png
    ├── ModuleLoadCorrelation_post.png
    ├── ModuleLoadCorrelation_pre.png
    ├── SilkETW_SharpSploit.yar
    ├── SilkETW_SharpSploit_Yara.json
    ├── SilkETW_SharpSploit_Yara.png
    └── SilkETW_SharpSploit_Yara.txt
├── README.md
├── Ruben Boonen & TheWover - BHIL2020_Staying#_v0.4.pdf
└── Usage
    ├── 1_ManualMapPE.cs
    ├── 1_ManualMapPE.png
    ├── 2_Overload.cs
    ├── 2_Overload.png
    ├── 3_Syscall.cs
    ├── 3_Syscall.png
    ├── 4_Resolve.cs
    └── 4_Resolve.png

/Detection/Fermion_MapModuleToMemory.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Detection/Fermion_MapModuleToMemory.js
--------------------------------------------------------------------------------

/Detection/Fermion_SharpSploit_MapModuleToMemory.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Detection/Fermion_SharpSploit_MapModuleToMemory.png
--------------------------------------------------------------------------------

/Detection/ModuleLoadCorrelation_post.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Detection/ModuleLoadCorrelation_post.png
--------------------------------------------------------------------------------

/Detection/ModuleLoadCorrelation_pre.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Detection/ModuleLoadCorrelation_pre.png
--------------------------------------------------------------------------------

/Detection/SilkETW_SharpSploit.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Detection/SilkETW_SharpSploit.yar
--------------------------------------------------------------------------------

/Detection/SilkETW_SharpSploit_Yara.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Detection/SilkETW_SharpSploit_Yara.json
--------------------------------------------------------------------------------

/Detection/SilkETW_SharpSploit_Yara.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Detection/SilkETW_SharpSploit_Yara.png
--------------------------------------------------------------------------------

/Detection/SilkETW_SharpSploit_Yara.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Detection/SilkETW_SharpSploit_Yara.txt
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/README.md
--------------------------------------------------------------------------------

/Ruben Boonen & TheWover - BHIL2020_Staying#_v0.4.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Ruben Boonen & TheWover - BHIL2020_Staying#_v0.4.pdf
--------------------------------------------------------------------------------

/Usage/1_ManualMapPE.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Usage/1_ManualMapPE.cs
--------------------------------------------------------------------------------

/Usage/1_ManualMapPE.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Usage/1_ManualMapPE.png
--------------------------------------------------------------------------------

/Usage/2_Overload.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Usage/2_Overload.cs
--------------------------------------------------------------------------------

/Usage/2_Overload.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Usage/2_Overload.png
--------------------------------------------------------------------------------

/Usage/3_Syscall.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Usage/3_Syscall.cs
--------------------------------------------------------------------------------

/Usage/3_Syscall.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Usage/3_Syscall.png
--------------------------------------------------------------------------------

/Usage/4_Resolve.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Usage/4_Resolve.cs
--------------------------------------------------------------------------------

/Usage/4_Resolve.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuzzySecurity/BlueHatIL-2020/HEAD/Usage/4_Resolve.png
--------------------------------------------------------------------------------