    README.md
    skipped 11 lines
    12 12   
    13 13  [Nighthawk - Thread Stack Spoofing](https://vimeo.com/581861665)
    14 14   
     15 +This implementation along with my [ShellcodeFluctuation](https://github.com/mgeeky/ShellcodeFluctuation) brings Offensive Security community sample implementations to catch up on the offering made by commercial C2 products, so that we can do no worse in our Red Team toolings. 💪
     16 + 
     17 + 
    15 18  ## How it works?
    16 19   
    17 20  This program performs self-injection shellcode (roughly via classic `VirtualAlloc` + `memcpy` + `CreateThread`).
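Review bot: Line 15 needs a grammar pass before merge: "catch up on the offering made by commercial C2 products" reads better as "catch up with the offerings of commercial C2 products", and "toolings" should be "tooling" (it is uncountable); the sentence is also long enough to split after "products". Lines 16 and 17 add two blank lines before `## How it works?`, whereas the surrounding context (lines 12 and 14) separates blocks with a single blank line, so drop one of them to keep the README's spacing consistent.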
    skipped 61 lines
    79 82  While developing your advanced shellcode loader, you might also want to implement:
    80 83   
    81 84  - **Process Heap Encryption** - take an inspiration from this blog post: [Hook Heaps and Live Free](https://www.arashparsa.com/hook-heaps-and-live-free/) - which can let you evade Beacon configuration extractors like [`BeaconEye`](https://github.com/CCob/BeaconEye)
    82  -- **Change your Beacon's memory pages protection to `RW` (from `RX/RWX`) and encrypt their contents** before sleeping (that could evade scanners such as [`Moneta`](https://github.com/forrest-orr/moneta) or [`pe-sieve`](https://github.com/hasherezade/pe-sieve))
     85 +- **Change your Beacon's memory pages protection to `RW` (from `RX/RWX`) and encrypt their contents** - using [Shellcode Fluctuation](https://github.com/mgeeky/ShellcodeFluctuation) technique - right before sleeping (that could evade scanners such as [`Moneta`](https://github.com/forrest-orr/moneta) or [`pe-sieve`](https://github.com/hasherezade/pe-sieve))
    83 86  - **Clear out any leftovers from Reflective Loader** to avoid in-memory signatured detections
    84 87  - **Unhook everything you might have hooked** (such as AMSI, ETW, WLDP) before sleeping and then re-hook afterwards.
    85 88   
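Review bot: Line 85 names the technique "Shellcode Fluctuation" while line 15 of the same change refers to the repository as "ShellcodeFluctuation"; pick one spelling so a reader searching the README finds both references. The inserted clause "- using [Shellcode Fluctuation](...) technique - right before sleeping" interrupts the bold sentence twice with dashes; something like "**... encrypt their contents** right before sleeping, using the [ShellcodeFluctuation](https://github.com/mgeeky/ShellcodeFluctuation) technique (that could evade ...)" reads more smoothly and matches the bullet above, which places its link at the end. The parenthetical evasion claim against `Moneta` and `pe-sieve` is carried over from line 82 unchanged; since both scanners are actively maintained, it would help to document which versions the claim was checked against, or soften it to "may reduce detection by", so the README does not over-promise.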
    skipped 127 lines