https://github.com/evilashz/RemoteMemorymodule
Load the evilDLL from socket connection without touch disk
https://github.com/evilashz/RemoteMemorymodule
cobaltstrike redteam
Last synced: 7 months ago
JSON representation
Load the evilDLL from socket connection without touch disk
- Host: GitHub
- URL: https://github.com/evilashz/RemoteMemorymodule
- Owner: evilashz
- Created: 2021-08-10T00:42:03.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2021-08-27T04:22:53.000Z (almost 4 years ago)
- Last Synced: 2024-08-05T17:27:27.456Z (11 months ago)
- Topics: cobaltstrike, redteam
- Language: C++
- Homepage:
- Size: 13.7 KB
- Stars: 15
- Watchers: 2
- Forks: 7
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - evilashz/RemoteMemorymodule - Load the evilDLL from socket connection without touch disk (C++)
README
# RemoteMemorymodule
Load the evilDLL from socket connection without touch disk
Inspired by @Rvn0xsy and the famous [MemoryModule](https://github.com/fancycode/MemoryModule) project
#### Server
Maked a simple socket server via c++ which is called `PigSender`(only work on Linux)
Responsible for processing the request sent by the client and transferring the DLL
#### Client
1. Added a simple anti-simulation method, and receive DLL file from remote Server
2. Finally, simply call MemoryModule
## Usage:
1. Put your DLL on the VPS and specify the file to be sent and the listening port
2. In the Client, just specify the address listened in the first step
Of course, for better results, you can encrypt the traffic in network transmission, cause the feature of PE files are very obvious
**Thanks to this excellent "non-landing" technology, you can use this project to reduce the pain of evasion anti-virus in some temporary environments**