Skip to content
/ HellLoader Public

Undetectable Loader for Cobalt Strike Using Syscalls And A External Shellcode

6 stars 11 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Phuong39/HellLoader

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
HellsGate
HellsGate
 
 
README.md
README.md
 
 

Repository files navigation

Hellsgate

Undetectable Loader for Cobalt Strike Using Syscalls And A External Shellcode

Features:

  • Using Syscalls from Hellsgate tech
  • loading the shellcode from a encrypted bin file
  • ability to download the shellcode file from a website

ALL YOU NEED:

  • python3 for the encoder
  • visual studio 2017 or above
  • cobalt strike; download it from here

USAGE:

  • first generate your payload file, from cobalt strike as x64 raw
  • then encrypts it with the binencoder.py Ex: binencoder.py payload.bin
  • upload result.bin ; which is your encrypted payload file to a website and copy the link of download to your code Ex: the link can be 'raw' / 'download' from 'github' or 'gitlab' or any other website u can download from
  • after u have ur link copied, paste it in Download.cpp
  • then compile it as x64 release in visual studio 2017 (or above)
  • its done

More For You:

  • you can execute anti sandbox functions before the download of the payload, and possibly change the link to a good binary instead of the shellcode .
  • this way the loader will download a known good binary [make sure its signed by microsoft for extra]
  • so when we are in a sandbox we will download a good software, else our shellcode

Based on :

About

Undetectable Loader for Cobalt Strike Using Syscalls And A External Shellcode

Resources

Readme
Activity

Stars

6 stars

Watchers

0 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages