Skip to content
/ HadesLdr Public

Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2

License

BSD-3-Clause license
287 stars 44 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CognisysGroup/HadesLdr

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
IDSyscall
IDSyscall
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

HadesLdr

A demo of the relevant blog post: Combining Indirect Dynamic Syscalls and API Hashing

Shellcode Loader Implementing :

  • Indirect Dynamic Syscall by resolving the SSN and the address pointing to a backed syscall instruction dynamically.
  • API Hashing by resolving modules & APIs base address from PEB by hashes
  • Fileless Chunked RC4 Shellcode retrieving using Winsock2

Demo :

met.mp4

References :

https://github.com/am0nsec/HellsGate/tree/master
https://cocomelonc.github.io/tutorial/2022/04/02/malware-injection-18.html
https://blog.sektor7.net/#!res/2021/halosgate.md

License / Terms of Use

This software should only be used for authorised testing activity and not for malicious use.

By downloading this software you are accepting the terms of use and the licensing agreement.

About

Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

287 stars

Watchers

3 watching

Forks

44 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages