SLAE - Polymorphic Shell

December 25th, 2021

Michael Metzjer

Summary

Code that uses a polymorphic engine to mutate while keeping the original algorithm intact. 

https://en.wikipedia.org/wiki/Polymorphic_code
			

Structure

  
      -- aes.c  
      -- aes.h  
      -- aes.hpp  
      -- main.cpp  
      -- ncrypt.cpp  
    

AES256 Encryption Compiler

$ g++ -c -o includes/aes.h includes/aes.hpp includes/aes.c aes.o

Shellcode Encryption

$ g++ ncrypt.cpp aes.o (256 encryption key)

PE Injection Compiler

$ g++ main.cpp aes.o

Task

Attempt at writing custom malware binary + remote process simulation with encrypted shellcode that executes with minimal AV detection. (Educational)

• 1. Creates new process to host malicious code in suspended mode.
• 2.
• 3.