Showing results for tags 'aceldr:'.
A position-independent reflective loader for Cobalt Strike. Zero results from Hunt-Sleeping-Beacons, BeaconHunter, BeaconEye, Patriot, Moneta, PE-sieve, or MalMemDetect.

Features

Easy to Use: Import a single CNA script before generating shellcode.

Dynamic Memory Encryption: Creates a new heap for any allocations from Beacon and encrypts entries before sleep.

Code Obfuscation and Encryption: Changes the memory containing CS executable code to non-executable and encrypts it (FOLIAGE).

Return Address Spoofing at Execution: Certain WinAPI calls are executed with a spoofed return address (InternetConnectA, NtWaitForSingleObject, RtlAllocateHeap).

Sleep Without Sleep: Delayed execution using WaitForSingleObjectEx.

RC4 Encryption: All encryption is performed with SystemFunction032.

Known Issues

Not compatible with loaders that rely on the shellcode thread staying alive.