Skip to content

KuwaitiSt/Astral_Projection

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
loader
loader
 
 
Astral_Projection.cna
Astral_Projection.cna
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
libtcg.x64.zip
libtcg.x64.zip
 
 

Repository files navigation

Astral Projection - UDRL

Astral Projection is a Cobalt Strike UDRL (User-Defined Reflective Loader), that preforms advanced module stomping.

The UDRL loads a module using LoadLibraryExW and stomps it. During sleep it unmaps the module while keeping PEB entries intact, then remaps a fresh module to avoid any IOCs while sleeping.

This project is built with Crystal Palace. Some of the code was adopted from the Crystal-Kit project.

A technical blog post covering the techniques used in detail can be found here

Profile

  • Disable the sleepmask and stage obfuscations in Malleable C2.
stage {
    set sleep_mask "false";
    set cleanup "true";
    transform-obfuscate { }
}

post-ex {
    set cleanup "true";
    set smartinject "true";
}
  • Copy crystalpalace.jar to your Cobalt Strike client directory.
  • Load Astral_Projection.cna.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

25 stars

Watchers

0 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 1

Languages