Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
Total 1 files
■ ■ ■ ■ ■ ■
README.md
skipped 6 lines
7
7
This is an example implementation for _Thread Stack Spoofing_ technique aiming to evade Malware Analysts, AVs and EDRs looking for references to shellcode's frames in an examined thread's call stack.
8
8
The idea is to walk back thread's call stack and overwrite return addresses in subsequent function frames thus masquerading allocations containing malware's code.
9
9
10
-
An implementation may differ, however the idea is roughly similar to what [MDSec'sNighthawk C2](https://www.mdsec.co.uk/nighthawk/)offers for its agents.
11
-
Especially demonstrated in this video:
10
+
An implementation may differ, however the idea is roughly similar to what commercial C2frameworksoffer for its agents.
This implementation along with my [ShellcodeFluctuation](https://github.com/mgeeky/ShellcodeFluctuation) brings Offensive Security community sample implementations to catch up on the offering made by commercial C2 products, so that we can do no worse in our Red Team toolings. 💪
12
+
Implementation along with my [ShellcodeFluctuation](https://github.com/mgeeky/ShellcodeFluctuation) brings Offensive Security community sample implementations to catch up on the offering made by commercial C2 products, so that we can do no worse in our Red Team toolings. 💪
Mariusz B. / mgeeky
committed
3 years ago
1 parent 332eaf71