Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Add -Stealth command line switch #272
Instead of allocating a memory region with full RWX permissions, which might not work in all scenarios and could potentially be seen as malicious by anti-malware protections, by specifying the -Stealth command line switch the Invoke-Shellcode cmdlet will now allocate memory with RW permissions via the VirtualAlloc()/VirtualAllocEx() Windows API functions and then change memory permissions to RX via VirtualProtect()/VirtualProtectEx() after the shellcode has been copied. Of course, this will not work with shellcodes that need RW access to their buffer in memory (e.g. Metasploit Framework Meterpreter).