From f85a74deca7a5976290a122a56c0fe9597e2171e Mon Sep 17 00:00:00 2001
From: "Mariusz B. / mgeeky"
Date: Wed, 29 Sep 2021 12:59:28 +0200
Subject: [PATCH] Added ShellcodeFluctuation
---
 .gitmodules | 3 +++
 windows/README.md | 4 +++-
 windows/ShellcodeFluctuation | 1 +
 3 files changed, 7 insertions(+), 1 deletion(-)
 create mode 160000 windows/ShellcodeFluctuation
diff --git a/.gitmodules b/.gitmodules
index 37cb4a7..99b1e40 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -61,3 +61,6 @@
 [submodule "windows/ThreadStackSpoofer"]
 path = windows/ThreadStackSpoofer
 url = https://github.com/mgeeky/ThreadStackSpoofer
+[submodule "windows/ShellcodeFluctuation"]
+ path = windows/ShellcodeFluctuation
+ url = https://github.com/mgeeky/ShellcodeFluctuation
diff --git a/windows/README.md b/windows/README.md
index ba59811..d952c26 100644
--- a/windows/README.md
+++ b/windows/README.md
@@ -100,9 +100,11 @@ PS> python3 rdpFileUpload.py -v -f certutil README.md
 - **`revshell.c`** - Utterly simple reverse-shell, ready to be compiled by `mingw-w64` on Kali. No security features attached, completely not OPSEC-safe.
+- [**`ShellcodeFluctuation`**](https://github.com/mgeeky/ShellcodeFluctuation) - An in-memory evasion technique fluctuating shellcode memory protection between RW & RX and encrypting/decrypting contents.
+
 - **`Simulate-DNSTunnel.ps1`** - Performs DNS Tunnelling simulation for purpose of triggering installed Network IPS and IDS systems, generating SIEM offenses and picking up Blue Teams.
-- **`ThreadStackSpoofer`** - A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based memory examination rules and better hide shellcodes while in-process memory.
+- [**`ThreadStackSpoofer`**](https://github.com/mgeeky/ThreadStackSpoofer) - A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based memory examination rules and better hide shellcodes while in-process memory.
 - **`UnhookMe`** - Dynamically unhooking imports resolver. Implementation of dynamic imports resolver that would be capable of unhooking used functions in-the-fly is yet another step towards strengthening adversary resilience efforts.
diff --git a/windows/ShellcodeFluctuation b/windows/ShellcodeFluctuation
new file mode 160000
index 0000000..fe006c6
--- /dev/null
+++ b/windows/ShellcodeFluctuation
@@ -0,0 +1 @@
+Subproject commit fe006c65699da7de2278d6b3859e3049086a8594