update

2021-10-17 15:24:28 +02:00 · 2021-10-17 15:24:28 +02:00 · ed02ce7b19
parent e104ba2539 dc93b88900
commit ed02ce7b19
5 changed files with 21 additions and 0 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -49,3 +49,9 @@
 [submodule "red-teaming/ElusiveMice"]
 	path = red-teaming/ElusiveMice
 	url = https://github.com/mgeeky/ElusiveMice
+[submodule "windows/ThreadStackSpoofer"]
+	path = windows/ThreadStackSpoofer
+	url = https://github.com/mgeeky/ThreadStackSpoofer
+[submodule "windows/ShellcodeFluctuation"]
+	path = windows/ShellcodeFluctuation
+	url = https://github.com/mgeeky/ShellcodeFluctuation
--- a/README.md
+++ b/README.md
@ -25,6 +25,15 @@ The collection is divided further onto following sections:

 The base of these tools do not contain any customer/client related sensitive information as well as there are no engagement-specific tools developed as PoCs.

+---
+
+### ☕ Show Support ☕
+
+This and other projects are outcome of sleepless nights and **plenty of hard work**. If you like what I do and appreciate that I always give back to the community,
+[Consider buying me a coffee](https://github.com/sponsors/mgeeky) _(or better a beer)_ just to say thank you! 💪 
+
+---
+
 ```
 Mariusz B. / mgeeky, (@mariuszbit)
 <mb [at] binary-offensive.com>
--- a/windows/README.md
+++ b/windows/README.md
@ -100,8 +100,12 @@ PS> python3 rdpFileUpload.py -v -f certutil README.md

 - **`revshell.c`** - Utterly simple reverse-shell, ready to be compiled by `mingw-w64` on Kali. No security features attached, completely not OPSEC-safe.

+- [**`ShellcodeFluctuation`**](https://github.com/mgeeky/ShellcodeFluctuation) - An in-memory evasion technique fluctuating shellcode memory protection between RW & RX and encrypting/decrypting contents.
+
 - **`Simulate-DNSTunnel.ps1`** - Performs DNS Tunnelling simulation for purpose of triggering installed Network IPS and IDS systems, generating SIEM offenses and picking up Blue Teams.

+- [**`ThreadStackSpoofer`**](https://github.com/mgeeky/ThreadStackSpoofer) - A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based memory examination rules and better hide shellcodes while in-process memory.
+
 - **`UnhookMe`** - Dynamically unhooking imports resolver. Implementation of dynamic imports resolver that would be capable of unhooking used functions in-the-fly is yet another step towards strengthening adversary resilience efforts. 

 ```
--- a/windows/ShellcodeFluctuation
+++ b/windows/ShellcodeFluctuation
@ -0,0 +1 @@
+Subproject commit 21a7194ca70b5a2133457047350595ee0856a284
--- a/windows/ThreadStackSpoofer
+++ b/windows/ThreadStackSpoofer
@ -0,0 +1 @@
+Subproject commit 37490f57f5c458c69aa2cf92dbb7b6f67141ae89
				`@ -0,0 +1 @@`
				`Subproject commit 21a7194ca70b5a2133457047350595ee0856a284`
				`@ -0,0 +1 @@`
				`Subproject commit 37490f57f5c458c69aa2cf92dbb7b6f67141ae89`