Skip to content

C# loader that copies a chunk at the time of the shellcode in memory, rather that all at once

Notifications You must be signed in to change notification settings

checkymander/shellcode_runner_copy_in_chunk

 
 

Repository files navigation

C# loader that copies a chunk at the time of the shellcode in memory, rather that all at once

Uses p/invoke to copy an encoded shellcode in memory, 100 bytes (chunks) at the time, rather than all at once

ProgramPatchAmsiEtw also patches AmsiScanBuffer and EtwEventWrite

Yes the code is shit, but meh so what - not like I have the whole day to write good pocs

Tested with Meterpreter staged rev HTTPS payload (encode_shellcode.cs or py version is the code I used to encode the raw one)

ProgramPatchAmsiEtw.cs against SentinelOne (used Babel .net obfuscator - free version - twice on the resulting exe)

Windowz

Meterpreter

Program.cs against Defender

Windowz

Meterpreter

About

C# loader that copies a chunk at the time of the shellcode in memory, rather that all at once

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C# 94.2%
  • Python 5.8%