Wednesday, October 27, 2021

Nim implementation of Process Hollowing using syscalls (for educational purposes)

NimHollow

Playing around with the Process Hollowing technique using Nim.

Features:

Direct syscalls for calling Windows Native API functions, generated with NimlineWhispers.

Shellcode encryption/decryption with AES in CTR mode.

Simple sandbox detection methods from the OSEP course by @offensive-security.

AMSI patching using @rasta-mouse’s method is also included (commented out; uncomment it if you need it).
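The AES-CTR payload encryption listed above, as an added example that is not part of NimHollow or this post: a from-scratch AES-128-CTR in Python (standard library only, no third-party cipher package) so the keystream mechanics are visible, plus the property a loader author has to respect, namely that CTR needs no padding but leaks the XOR of two payloads if a key/counter pair is ever reused. The function names, the placeholder payload bytes and the helper layout are this example's own assumptions, not the project's.

```python
"""Added example (not NimHollow's code): AES-128-CTR shellcode encryption
written from scratch so the mechanics are visible. Assumes only the Python
standard library; the "shellcode" below is a constructed placeholder."""
import os

# --- GF(2^8) arithmetic and the AES S-box (derived, not hard-coded) ---------

def gmul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF

def _build_sbox() -> list:
    # sbox[a] = affine(a^-1); 0 has no inverse and maps to the affine constant 0x63
    inv = {a: next(b for b in range(1, 256) if gmul(a, b) == 1) for a in range(1, 256)}
    inv[0] = 0
    return [(inv[a] ^ _rotl8(inv[a], 1) ^ _rotl8(inv[a], 2)
             ^ _rotl8(inv[a], 3) ^ _rotl8(inv[a], 4) ^ 0x63) for a in range(256)]

SBOX = _build_sbox()

# --- AES-128 block encryption (decryption is never needed in CTR mode) -----

def expand_key(key: bytes) -> list:
    """AES-128 key schedule: 16-byte key -> 11 round keys of 16 bytes each."""
    assert len(key) == 16
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]             # RotWord
            t = [SBOX[b] for b in t]      # SubWord
            t[0] ^= rcon
            rcon = gmul(rcon, 2)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(round_keys: list, block: bytes) -> bytes:
    """One AES-128 block; state is kept column-major, i.e. s[4*col + row]."""
    s = [b ^ k for b, k in zip(block, round_keys[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                             # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:                                                        # MixColumns
            mixed = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                mixed += [gmul(a0, 2) ^ gmul(a1, 3) ^ a2 ^ a3,
                          a0 ^ gmul(a1, 2) ^ gmul(a2, 3) ^ a3,
                          a0 ^ a1 ^ gmul(a2, 2) ^ gmul(a3, 3),
                          gmul(a0, 3) ^ a1 ^ a2 ^ gmul(a3, 2)]
            s = mixed
        s = [b ^ k for b, k in zip(s, round_keys[rnd])]                      # AddRoundKey
    return bytes(s)

# --- CTR mode ---------------------------------------------------------------

def aes_ctr(key: bytes, counter_block: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) with a 128-bit big-endian counter.
    No padding: the last keystream block is simply truncated to the data left."""
    rk = expand_key(key)
    ctr = int.from_bytes(counter_block, "big")
    out = bytearray()
    for i in range(0, len(data), 16):
        keystream = aes128_encrypt_block(rk, ctr.to_bytes(16, "big"))
        ctr = (ctr + 1) % (1 << 128)
        out += bytes(p ^ k for p, k in zip(data[i:i + 16], keystream))
    return bytes(out)

def encrypt_payload(shellcode: bytes):
    """Fresh random key and counter block per payload; returns (key, ctr, ciphertext)."""
    key, ctr = os.urandom(16), os.urandom(16)
    return key, ctr, aes_ctr(key, ctr, shellcode)

def nonce_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """With a reused key+counter, ct1 XOR ct2 == pt1 XOR pt2: the keystream cancels."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))

if __name__ == "__main__":
    # Constructed placeholder, not real shellcode: 37 bytes so the last block is partial.
    payload = bytes([0x90] * 5) + b"\xcc" + bytes(range(31))
    key, ctr, ct = encrypt_payload(payload)
    assert aes_ctr(key, ctr, ct) == payload      # decrypt == encrypt in CTR
    print("ciphertext:", ct.hex())
```

Run as a script it encrypts the placeholder and round-trips it. Before trusting a from-scratch implementation with a real payload, check it against the published vectors (FIPS-197 appendix C.1 for the block cipher, SP 800-38A F.5.1 for CTR); the counter block is incremented as one big-endian 128-bit integer, which is the convention those CTR vectors use, and the decrypting loader only has to match whatever convention its encryptor used.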

Usage

Installation:

~$ git clone --recurse-submodules https://github.com/snovvcrash/NimHollow && cd NimHoll…
