A demo of the relevant blog post: Hook Heaps and Live Free

Overview

LockdExeDemo

A demo of the relevant blog post: Hook Heaps and Live Free

DEMO

DEMO

Explanation

There are 2 compile types.

The first is an EXE. The EXE requires some sort of shellcode (I used staged cobalt strike shellcode from the payload generator). You can validate this works by running your shellcode and using BeaconEye.

The second compile type is a DLL that you can inject into anything, will hook sleep, and same deal as the exe, any sleep over 1 will encrypt the heap on sleep. Cobalt Strike's EXE by default makes 2 threads for some reason that both need to function that interferes with this whereas injecting a Cobalt Strike thread into another process does not (as now it only needs 1 thread to operate again). To get this to work in a standalone generated CS exe that's already running may take a bit more work or a profile change.

Remember, this will work in processes like explorer.exe but it'll freeze the whole process as CS is sleeping and encrypting. Really this version is meant for standalone processes you control.

You might also like...
Violent Fungus is a command and control (C2) software suite, providing red teams post-exploitation persistence and other juicy stuff.

Violent Fungus is a command and control (C2) software suite, providing red teams post-exploitation persistence and other juicy stuff.

Minimal implementation of malloc and free for demo purposes.
Minimal implementation of malloc and free for demo purposes.

Minimal implementation of malloc and free using sbrk() and brk() system calls. Context: How does a process actually request the kernel to allocate/dea

 	Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as
Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as "adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors".

COBALT STRIKE 4.4 Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as "adversary simulation software designed to exe

A generic post-processing injector for games and video software.

ReShade This is a generic post-processing injector for games and video software. It exposes an automated way to access both frame color and depth info

A library to develop kernel level Windows payloads for post HVCI era
A library to develop kernel level Windows payloads for post HVCI era

A library to develop kernel level Windows payloads for post HVCI era

A collection of post-processing shaders written for ReShade.

ReShade FX shaders This repository aims to collect post-processing shaders written in the ReShade FX shader language. Installation Download this repos

Wtf Riot? I just want to close League of Legends and live my life. Leave me alone. F*ck corporate adware.

RiotKiller Wtf Riot? Anyways... This application launches League of Legends by calling RiotClientServices.exe --launch-product=league_of_legends --lau

This repo contains example software for the Kernelcon 2021 Hack Live! badge - the Hacker HotKey.
This repo contains example software for the Kernelcon 2021 Hack Live! badge - the Hacker HotKey.

Hacker HotKey This repo contains example software for the Kernelcon 2021 Hack Live! badge - the Hacker HotKey. Default Hotkey Mapping Hacker Hotkey is

Owner
Just a guy made of green pixels.
null
Blog post on using a custom Bash builtin to parse INI config files

Writing a Bash Builtin in C to Parse INI Configs Why Not Just Parse INI Configs With Bash? Shell languages such as Bash excel at certain tasks, such a

Jesse Hathaway 16 Oct 8, 2022
code for the Proxy DLL example blog post

ProxyDLLExample A simple DLL for Windows that can be used to demonstrate a DLL Proxy Attack. This project uses GCC through MinGW was tested on Ubuntu

Cobalt Strike 50 Dec 26, 2022
Take Damage hook hook made to increase weapon damage, the game I made is Free Fire in version 1.65

Take-Damage Simple Take Damage hook hook made to increase weapon damage, the game I made is Free Fire in version 1.65 Bool bool isTakeDemageBool = fal

Master Games 3 Jan 1, 2022
android analysis tools, jni trace by native hook, libc hook, write log with caller's addr in file or AndroidLog

编译方法 unix like mkdir "build" cd build cmake .. -DNDK=your_ndk_path/Android/sdk/ndk/22.0.7026061 -DANDROID_ABI=armeabi-v7a make -j8 或者使用andriod studio编

pony 63 Dec 1, 2022
This repository is for everyone for Hacktoberfest 2021. Anyone can contribute anything for your Swags (T- Shirt), must be relevant that can add some value to this repository.

Hacktober Fest 2021 For Everyone! Upload Projects or Different Types of Programs in any Language Use this project to make your first contribution to a

Mahesh Jain 174 Dec 27, 2022
Hashlink/heaps video support

hlvideo Hashlink video support Windows Setup Download and build AOM from hlvideo root directory

Heaps.io 2 Dec 15, 2022
Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++, the architecture and usage like Cobalt Strike

Khepri Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ Description Khepri is a Cross-platform agent, the archi

Young 1.4k Jan 3, 2023
Template library and blog that explain how JSI modules are built from scratch in React Native

react-native-jsi-template This is an example library that explains how anyone can build jsi modules from scratch in React Native. This code is written

Ammar Ahmed 128 Dec 17, 2022
Supporting code for coroutines blog.

coroutines-blog Demonstration code for the Feabhas coroutines blog. Build the demos using make. Remove generated executables with make clean. Generate

Feabhas Ltd. 12 Dec 2, 2022
Companion repository to the Fuzzing101 with LibAFL series of blog posts.

fuzzing-101-solutions Companion repository to the Fuzzing101 with LibAFL series of blog posts. Tags are sync'd with blog post releases and can be used

epi 89 Dec 26, 2022