https://github.com/processust/venoma
Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution
- Host: GitHub
- URL: https://github.com/processust/venoma
- Owner: ProcessusT
- Created: 2024-01-14T17:24:27.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-03-19T13:23:20.000Z (almost 2 years ago)
- Last Synced: 2025-04-12T02:12:31.360Z (9 months ago)
- Topics: antivirus, bypass, c2, cobalt, dropper, edr, indirect, malware, payload, pentest, red, strike, syscalls, team
- Language: C++
- Homepage: https://processus.site
- Size: 76.2 MB
- Stars: 174
- Watchers: 9
- Forks: 36
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# Venoma
> A custom C++ raw beacon dropper with:
>
> - Compile Time API Hashing
> - Run-Time Dynamic Linking
> - PPID spoofing
> - DLL Unhooking (Fresh + Perun's fart)
> - ETW Patching
> - EnumPageFilesW execution
> - Local & remote APC Execution
> - Indirect syscall execution
> - Cobalt Strike Artifact kit integration
> - Self deletion

All functions are included; choose what you need and remove anything else before compiling.




## Cobalt Strike artifact kit integration
> 1. Compile the project and rename the binary to artifact64big.exe
> 2. Add your own artifact.cna in the same folder
> 3. Load your cna into Cobalt Strike and generate a stageless Windows payload
> 4. Enjoy

Video tutorial here: https://www.youtube.com/watch?v=tGa3xJymEfY
## What da fuck is this?
I wanted to learn more about antivirus evasion, so I made a video on YouTube:
https://www.youtube.com/watch?v=lFO2bPzxLGI