TerraLdr – A Payload Loader Designed With Advanced Evasion Features

TerraLdr: A Payload Loader Designed With Advanced Evasion Features Details: no crt functions imported syscall unhooking using KnownDllUnhook api hashing using Rotr32 hashing algo payload encryption using rc4 – payload is saved in .rsrc process injection – targetting ‘SettingSyncHost.exe’ ppid spoofing & blockdlls policy using NtCreateUserProcess stealthy remote process injection – chunking using debugging &Read More

laZzzy – Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques

[*] laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features Direct syscalls and native (Nt*) functions (not all functions but most) Import Address Table (IAT) evasion Encrypted payload (XOR and AES) Randomly generated key Automatic padding (if necessary) of payload withRead More

Nim-Loader – WIP Shellcode Loader In Nim With EDR Evasion Techniques

a very rough work-in-progress adventure into learning nim by cobbling resources together to create a shellcode loader that implements common EDR/AV evasion techniques. This is a mess and is for research purposes only! Please don’t expect it to compile and run without your own modifications. Instructions Replace the byte array in loader.nim with your ownRead More

NimPackt-v1 – Nim-based Assembly Packer And Shellcode Loader For Opsec And Profit

By Cas van Cooten (@chvancooten) With special thanks to Marcello Salvati (@byt3bl33der) and Fabian Mosch (@S3cur3Th1sSh1t) Description Update: NimPackt-v1 is among the worst code I have ever written (I was just starting out learning Nim). Because of this, I started on a full rewrite of NimPackt, dubbed ‘NimPackt-NG’ (currently still private). With this re-write, IRead More