Skip to content

Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2

License

Notifications You must be signed in to change notification settings

CognisysGroup/HadesLdr

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 

Repository files navigation

HadesLdr

A demo of the relevant blog post: Combining Indirect Dynamic Syscalls and API Hashing

Shellcode Loader Implementing :

  • Indirect Dynamic Syscall by resolving the SSN and the address pointing to a backed syscall instruction dynamically.
  • API Hashing by resolving modules & APIs base address from PEB by hashes
  • Fileless Chunked RC4 Shellcode retrieving using Winsock2

Demo :

met.mp4

References :

https://github.com/am0nsec/HellsGate/tree/master
https://cocomelonc.github.io/tutorial/2022/04/02/malware-injection-18.html
https://blog.sektor7.net/#!res/2021/halosgate.md

License / Terms of Use

This software should only be used for authorised testing activity and not for malicious use.

By downloading this software you are accepting the terms of use and the licensing agreement.

About

Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published