Showing results for tags 'user-defined'.
-
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. Based on Stephen Fewer’s incredible Reflective Loader project. Created while working through Renz0h’s Reflective DLL videos from the Sektor7 Malware Developer Intermediate (MDI) Course.

Initial Project Goals
- Learn how Reflective Loader works.
- Write a Reflective Loader in Assembly.
- Compatible with Cobalt Strike.
- Cross compile from macOS/Linux.
- Implement Inline-Assembly into a C project.

Future Project Goals
- Use the initial project as a template for more advanced evasion techniques leveraging the flexibility of Assembly.
- Implement Cobalt Strike options such as no RWX, stompPE, module stomping, changing the MZ header, etc.
- Write a decent Aggressor script.
- Support x86.
- Have different versions of the reflective loader to choose from.
- Implement HellsGate/HalosGate for the initial calls that reflective loader uses (pNtFlushInstructionCache, VirtualAlloc, GetProcAddress, LoadLibraryA, etc).
- Optimize the assembly code.
- Hash/obfuscate strings.
- Some kind of template language overlay that can modify/randomize the registers/methods.
-
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.

Initial Project Goals
- Learn how Reflective Loader works.
- Write a Reflective Loader in Assembly.
- Compatible with Cobalt Strike.
- Cross compile from macOS/Linux.
- Implement Inline-Assembly into a C project.

Future Project Goals
- Use the initial project as a template for more advanced evasion techniques leveraging the flexibility of Assembly.
- Implement Cobalt Strike options such as no RWX, stompPE, module stomping, changing the MZ header, etc.
- Write a decent Aggressor script.
- Support x86.
- Have different versions of reflective loader to choose from.
- Implement HellsGate/HalosGate for the initial calls that reflective loader uses (pNtFlushInstructionCache, VirtualAlloc, GetProcAddress, LoadLibraryA, etc).
- Optimize the assembly code.
- Hash/obfuscate strings.
- Some kind of template language overlay that can modify/randomize the registers/methods.
-
XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.

XSS Fuzzer is a generic tool that can be useful for multiple purposes, including:
- Finding new XSS vectors, for any browser
- Testing XSS payloads on GET and POST parameters
- Bypassing XSS Auditors in the browser
- Bypassing web application firewalls
- Exploiting HTML whitelist features
-
MySQL User-Defined (Linux) x32 / x86_64 sys_exec function local privilege escalation exploit.
-
MySQL user-defined (Linux) x32 / x86_64 sys_exec function local privilege escalation exploit. Can be leveraged against versions 4.x and 5.x.