Tuesday, October 19, 2021

ShellcodeFluctuation: An in-memory evasion technique fluctuating shellcode memory protection between RW & RX and encrypting/decrypting contents

Shellcode Fluctuation PoC

A PoC implementation for an another in-memory evasion technique that cyclically encrypts and decrypts shellcode’s contents to then make it fluctuate between RW and RX memory protection. When our shellcode resides in RW memory pages, scanners such as Moneta or pe-sieve will be unable to track it down and dump it for further analysis.

Intro

After releasing ThreadStackSpoofer I’ve received a few questions about the following README’s point:

Change your Beacon’s memory …

Read More

Latest news
Related news