Added ThreadStackSpoofer

This commit is contained in:
Mariusz B. / mgeeky 2021-09-27 00:53:28 +02:00
parent 82258ffdf0
commit e1bf705615
3 changed files with 6 additions and 0 deletions

3
.gitmodules vendored
View File

@ -58,3 +58,6 @@
[submodule "red-teaming/ElusiveMice"]
path = red-teaming/ElusiveMice
url = https://github.com/mgeeky/ElusiveMice
[submodule "windows/ThreadStackSpoofer"]
path = windows/ThreadStackSpoofer
url = https://github.com/mgeeky/ThreadStackSpoofer

View File

@ -102,6 +102,8 @@ PS> python3 rdpFileUpload.py -v -f certutil README.md
- **`Simulate-DNSTunnel.ps1`** - Performs DNS Tunnelling simulation for purpose of triggering installed Network IPS and IDS systems, generating SIEM offenses and picking up Blue Teams.
- **`ThreadStackSpoofer`** - A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based memory examination rules and better hide shellcodes while in-process memory.
- **`UnhookMe`** - Dynamically unhooking imports resolver. Implementation of dynamic imports resolver that would be capable of unhooking used functions in-the-fly is yet another step towards strengthening adversary resilience efforts.
```

@ -0,0 +1 @@
Subproject commit d25cef0ff5eba07a26b5be4f6999b76167081e2f