Add -Stealth command line switch #272

Open. Wants to merge 1 commit into base: dev.


0xdea commented Nov 8, 2017

Instead of allocating a memory region with full RWX permissions, which might not work in all scenarios and could potentially be seen as malicious by anti-malware protections, by specifying the -Stealth command line switch the Invoke-Shellcode cmdlet will now allocate memory with RW permissions via the VirtualAlloc()/VirtualAllocEx() Windows API functions and then change memory permissions to RX via VirtualProtect()/VirtualProtectEx() after the shellcode has been copied. Of course, this will not work with shellcodes that need RW access to their buffer in memory (e.g. Metasploit Framework Meterpreter).

Add -Stealth command line switch
Instead of allocating a memory region with full RWX permissions, which might not work in all scenarios and could potentially be seen as malicious by anti-malware protections, by specifying the -Stealth command line switch the script will now allocate memory with RW permissions via the VirtualAlloc()/VirtualAllocEx() Windows API functions and then change memory permissions to RX via VirtualProtect()/VirtualProtectEx() after the shellcode has been copied. Of course, this will not work with shellcodes that need RW access to their buffer in memory (e.g. Metasploit Framework Meterpreter).
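The description and commit message above explain the two allocation sequences involved: the original RWX allocation, and the -Stealth sequence of an RW allocation, a copy into it, then VirtualProtect/VirtualProtectEx to RX. From the detection side, both sequences leave a recognisable trail in an API-call trace, and the RW-write-then-RX transition is a well-known indicator in its own right. The following is an added detection example, not code from this pull request or from the PowerSploit project: it walks a constructed, sandbox-style trace (the line format, field names and sample addresses are all assumptions made up for this example) and flags both the RWX allocation and the RW -> write -> RX sequence, including the remote VirtualAllocEx/WriteProcessMemory/VirtualProtectEx variant.

```python
import re
from dataclasses import dataclass

# Windows memory protection constants (winnt.h).
PAGE_READWRITE = 0x04
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTE_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

# Constructed trace format (an assumption for this example): key=value pairs per API call.
# "target" is the pid that owns the memory for the *Ex variants; absent means the caller itself.
FIELD_RE = re.compile(r"(\w+)=(\S+)")

ALLOC_APIS = {"VirtualAlloc", "VirtualAllocEx"}
WRITE_APIS = {"memcpy", "WriteProcessMemory"}
PROTECT_APIS = {"VirtualProtect", "VirtualProtectEx"}


@dataclass
class Region:
    protect: int        # current protection of the region
    written: bool = False  # has anything been copied into it since allocation?


def parse_line(line):
    """Turn one trace line into a dict of its key=value fields."""
    return dict(FIELD_RE.findall(line))


def detect(lines):
    """Scan trace lines and return findings as (owner_pid, base_addr, reason) tuples.

    reason is "rwx-alloc" for an allocation that is executable and writable from the start,
    or "rw-write-then-rx" for an RW region that was written to and then made executable.
    Simplification: VirtualProtect is assumed to target the allocation base address.
    """
    regions = {}   # (owner_pid, base_addr) -> Region
    findings = []
    for line in lines:
        ev = parse_line(line)
        api = ev.get("api")
        owner = ev.get("target", ev.get("pid"))
        key = (owner, ev.get("addr"))

        if api in ALLOC_APIS:
            prot = int(ev["protect"], 16)
            regions[key] = Region(prot)
            if prot & PAGE_EXECUTE_READWRITE or prot & PAGE_EXECUTE_WRITECOPY:
                findings.append((owner, key[1], "rwx-alloc"))

        elif api in WRITE_APIS and key in regions:
            regions[key].written = True

        elif api in PROTECT_APIS and key in regions:
            region = regions[key]
            new_prot = int(ev["protect"], 16)
            # The -Stealth sequence: allocated RW, filled, then flipped to an executable protection.
            if region.protect == PAGE_READWRITE and region.written and new_prot & EXECUTE_MASK:
                findings.append((owner, key[1], "rw-write-then-rx"))
            region.protect = new_prot
    return findings


# Constructed sample trace covering a benign RW buffer, the original RWX pattern,
# and the -Stealth pattern in both its local and remote-process forms.
SAMPLE_TRACE = [
    "pid=100 api=VirtualAlloc addr=0x200000 size=0x1000 protect=0x04",
    "pid=100 api=memcpy addr=0x200000 size=0x200",
    "pid=200 api=VirtualAlloc addr=0x300000 size=0x1000 protect=0x40",
    "pid=200 api=memcpy addr=0x300000 size=0x200",
    "pid=300 api=VirtualAlloc addr=0x400000 size=0x1000 protect=0x04",
    "pid=300 api=memcpy addr=0x400000 size=0x200",
    "pid=300 api=VirtualProtect addr=0x400000 size=0x1000 protect=0x20",
    "pid=300 target=400 api=VirtualAllocEx addr=0x500000 size=0x1000 protect=0x04",
    "pid=300 target=400 api=WriteProcessMemory addr=0x500000 size=0x200",
    "pid=300 target=400 api=VirtualProtectEx addr=0x500000 size=0x1000 protect=0x20",
]

if __name__ == "__main__":
    for owner, addr, reason in detect(SAMPLE_TRACE):
        print(f"pid {owner} region {addr}: {reason}")
```

Run stand-alone it reports the RWX allocation in pid 200 and the RW-to-RX transitions for pid 300 and for the region placed in pid 400, while the plain RW buffer in pid 100 is not flagged. The state is keyed on the process that owns the memory rather than the caller so that the *Ex variants correlate correctly; a production rule would also need to handle VirtualProtect calls on sub-ranges of an allocation and region reuse after VirtualFree.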