Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tomchuoi/pe_analysis
PE malware training exercises
assembly-x86 cpp malware masm32 pe-injection shellcode trojan
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/tomchuoi/pe_analysis
- Owner: tomchuoi
- Created: 2024-01-10T17:02:56.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-09-12T00:17:47.000Z (5 months ago)
- Last Synced: 2024-09-12T10:13:00.981Z (5 months ago)
- Topics: assembly-x86, cpp, malware, masm32, pe-injection, shellcode, trojan
- Language: Assembly
- Homepage:
- Size: 344 KB
- Stars: 3
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Shellcode development and PE Injection
This project is for studying shellcode development, the Portable Executable (PE) file structure, and the process of injecting shellcode by modifying that structure.
## Features
+ PE Parsing: This program extracts information from PE Headers, including sections, imported modules and more.
+ TCP reverse shell: Shellcode written in MASM that sets up a backdoor on Windows. It adds itself to the registry for persistence, establishes a reverse shell to the attacker and dynamically resolves API functions and system calls at run time.
+ Shellcode Injection: Creates a new section in the PE file and injects the TCP reverse shell into it.
## Note
This project is designed for educational purposes only.
## How to use the reverse shell
Start the listener on port 4444 on the attack machine using netcat: `nc -lvp 4444`.
Make sure to change the IP address of the attacker in the shellcode first.