Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel.

Overview

Skrull

Skrull is a malware DRM that prevents automatic sample submission by AV/EDR and signature scanning from the kernel. It generates launchers that run the malware on the victim machine using the Process Ghosting technique. The launchers are also fully anti-copy: a copy is naturally broken when it gets submitted.

It is the proof-of-concept for the ROOTCON & HITCON 2021 talks; check out Skrull Like A King: From File Unlink to Persistence and Skrull Like A King: 從重兵看守的天眼防線殺出重圍 :)

Note that only x64 PE files are currently supported, due to the ghosting technique.

Video Demo

Issues
  • Errors when compiling in Visual Studio

    Hi, I'm compiling the source code in Visual Studio Community 2019 but am getting the following errors:

    What I'm doing is launching Visual Studio 2019 > Open a project or solution > Skrull.vcxproj.

    Please let me know if there is a way to resolve this or an alternative way of compiling. Thank you.

    opened by deetee1 2
Releases (1.0)
Owner
Sheng-Hao Ma
30cm.tw/me
My submission for a Uni Assignment!

Dice Throw Game Problem Statement: Assume an online board game in which each player tosses dice. Each time, the count on the dice is added to the pla

Preethi Samantha Bennet 3 Jan 3, 2022
Submission repo for Coderspree

Coderspree Please visit the Guide Minimum problems to complete | GettingStarted: 5 | Patterns: 6 | FunctionAndArrays: 5 | 2DArrays: 5 | Stats No Profi

null 21 Feb 11, 2022
A toolchain designed to build a DRM-free version of Rifts: Promise of Power for the Nokia N-Gage.

Rifts: Promise of Power A toolchain designed to build a DRM-free version of Rifts: Promise of Power for the Nokia N-Gage. How-to First clone the repos

Michael Fitzmayer 4 Mar 27, 2022
Fairplay research - Some RE work on Apple's Fairplay DRM

Poor Man's Kernel Debuger This project loads FairplayIOKit kernel driver into userspace and make it possible for LLDB to debug How to Compile In proje

pwnorz 113 May 25, 2022
Harsh Badwaik 1 Dec 19, 2021
Windows 10 interface adjustment tool supports automatic switching of light and dark modes, automatic switching of themes and transparent setting of taskbar

win10_tools Windows 10 interface adjustment tool supports automatic switching of light and dark modes, automatic switching of themes and transparent s

Simon 1 Dec 3, 2021
FireDog - Open source cross-platform lightweight virus signature detection engine.

FireDog: open source cross-platform lightweight virus signature detection engine. Language: C++ 11. LICENSE: the one you all like, MIT License. Let's get going

null 38 Jun 21, 2022
Signature spoofer for microG (Zygisk version)

Wyrlook — Zygisk microG Enhancer. Absolutely nothing is ready yet! (I haven't developed for Android for 8 years lol that's gonna be a fun ride) A Zygi

Mikhail Pershin 7 Apr 24, 2022
3D scanning is becoming more and more ubiquitous.

Welcome to the MeshLib! 3D scanning is becoming more and more ubiquitous. Robotic automation, self-driving cars and multitude of other industrial, med

null 28 Jun 17, 2022
ZXing ("Zebra Crossing") barcode scanning library for Java, Android

Project in Maintenance Mode Only The project is in maintenance mode, meaning, changes are driven by contributed patches. Only bug fixes and minor enha

ZXing Project 29.7k Jun 28, 2022
Lidar-with-velocity - Lidar with Velocity: Motion Distortion Correction of Point Clouds from Oscillating Scanning Lidars

Lidar with Velocity A robust camera and Lidar fusion based velocity estimator to undistort the pointcloud. This repository is a barebones implementati

ISEE Research Group 128 Jun 20, 2022
EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections and LSASS protections

EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (kernel callbacks and the ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring.

Wavestone - Cybersecurity & Digital Trust 564 Jun 26, 2022
Sysmon event simulation utility that can be used to simulate attacks in order to generate Sysmon event logs for testing EDR detections and correlation rules by blue teams.

SysmonSimulator SysmonSimulator is an open source Windows event simulation utility created in the C language that can be used to simulate most of the att

Scarred Monk 599 Jun 26, 2022
Project to check which Nt/Zw functions your local EDR is hooking

Probatorum EDR Userland Hook Checker Probatorum will check which Nt/Zw functions your local EDR is hooking. Most credit for this code goes to SolomonS

null 142 Jun 24, 2022
Proof-of-concept Beacon Object File (BOF) that attempts to detect userland hooks placed by AV/EDR

Detect-Hooks Detect-Hooks is a proof-of-concept Beacon Object File (BOF) that attempts to detect userland API hooks placed by AV/EDR. The BOF will r

anthemtotheego 110 Jun 27, 2022
Shellcode loader written in Rust. Strives to evade modern EDR solutions.

Pestilence What is Pestilence? Pestilence is a shellcode loader written in Rust. It strives to evade modern EDR solutions. How does it work? It loads

Daniil Nababkin 20 Jun 16, 2022
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc

Introduction RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks,

Halil Dalabasmaz 354 Jun 25, 2022
An experimental dynamic malware unpacker based on Intel Pin and PE-sieve

Pin'n'Sieve A dynamic malware unpacker based on Intel Pin and PE-sieve (deploys PE-sieve scan on specific triggers). Caution: during the process the m

hasherezade 50 Jun 10, 2022
Research tool able to detect and mitigate evasion techniques used by in-the-wild malware

JuanLesPIN An Intel Pin tool to detect and mitigate Windows malware evasion techniques. This tool is a prototype developed for a research project whose pa

Lorenzo Maffia 7 May 20, 2022