Shhhloader is a SysWhispers Shellcode Loader that is currently a Work in Progress. It takes raw shellcode as input and compiles a C++ stub that has been integrated with SysWhispers in order to bypass AV/EDR. The included Python builder will work on any Linux system that has Mingw-w64 installed. The tool has been confirmed to successfully load Meterpreter and a Cobalt Strike beacon on fully updated systems with Windows Defender enabled. The project itself is still in a PoC/WIP state, as it currently doesn't work with all payloads.

Features:
- 5 Different Shellcode Execution Methods (ProcessHollow, QueueUserAPC, RemoteThreadContext, RemoteThreadSuspended, CurrentThread)
- PPID Spoofing
- Block 3rd Party DLLs
- Syscall Name Randomization
- XOR Encryption with Dynamic Key Generation
- Sandbox Evasion via Loaded DLL Enumeration
- Sandbox Evasion via Checking Processors, Memory, and Time

Tested and Confirmed Working on:
- Windows 10 21H1 (10.0.19043)
- Windows 10 20H2 (10.0.19042)
- Windows Server 2019 (10.0.17763)

Last Scan Results as of 15/04/22 (Meterpreter): [Hidden Content]