Skip to content

0xsp-SRD/mortar

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 1 tag
Code

Latest commit

@lawrenceamer
lawrenceamer Update README.md
c92342c Aug 3, 2022
Update README.md
c92342c

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
Create FUNDING.yml
March 19, 2022 01:02
DLL
Mortar V2
May 23, 2022 00:06
Encryptor
Fix encryption & decryption key
June 8, 2022 10:33
Lib
Mortar V2
May 23, 2022 00:06
demo
Add files via upload
May 27, 2022 13:15
LICENSE
Create LICENSE
December 13, 2021 11:36
README.md
Update README.md
August 3, 2022 11:38
Mortar Loader Usage Encryptor Loader (DLL) Loader (EXE) ( HAS BEEN REMOVED IN V2) Compiling the Loader (windows only) Compiling Encryptor(Linux/BSD/Arm/MacOS//windows) Support the research sponsor ?

README.md

Mortar Loader

red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions and it has been tested and confirmed bypass for the following:

  • Kaspersky ✔️
  • ESET ✔️
  • Malewarebytes ✔️
  • Mcafee ✔️
  • Windows defender ❗
  • Cylance:heavy_check_mark:
  • TrendMicro ✔️
  • Bitdefender ✔️
  • Norton Symantec ✔️
  • Sophos ✔️

detailed research and techniques : https://0xsp.com/security%20research%20&%20development%20(SRD)/defeat-the-castle-bypass-av-advanced-xdr-solutions

Mortar Loader v2 features : https://0xsp.com/offensive/mortar-loader-v2/

CrestCon Asia 2021 talk : https://www.youtube.com/watch?v=H7EMBz7GLMk

Usage

Encryptor

root@kali>./encryptor -f mimikatz.exe -o bin.enc

Loader (DLL)

directly execute the agressor.dll using rundll32 or any DLL injection technique you prefer

rundll32.exe agressor.dll,start

for shellcode running

rundll32 agressor.dll,sh

Loader (EXE) ( HAS BEEN REMOVED IN V2)

the executable version has more options you can use, as you able to pass commands for the loaded binary

##Mimikatz dump LSA 
deliver.exe -d -c sekurlsa::logonpasswords -f mimikatz.enc 

## Cobalt strike beacon 
deliver.exe -d -f cobalt.enc

Compiling the Loader (windows only)

the project has been coded using FPC(Free Pascal), the compiling procedures are straightforward by downloading and installing Lazarus IDE (https://www.lazarus-ide.org/index.php?page=downloads).

Compiling Encryptor(Linux/BSD/Arm/MacOS//windows)

either by downloading and installing Lazarus-IDE from the official site(https://www.lazarus-ide.org/index.php?page=downloads)

#Debian & Ubuntu 

apt install fpc 
apt install lazarus-ide

Support the research

if you think you have benefited from this open-source project and want more updates in the future, please mind time and efforts by making a donation https://donorbox.org/support-0xsp

sponsor ?

  • you show continues appreciation of my work
  • you will get early access into private repos and get support for any raise issue

About

evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)

Topics

evasion bypass-antivirus redteam-tools bypass-edr

Resources

Readme

License

MIT license
Activity

Stars

1.2k stars

Watchers

26 watching

Forks

197 forks
Report repository

Releases 1

Encryptor for Kali Latest
May 27, 2022

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 2

Languages