A PoC implementation of an evasion technique that terminates the current thread and restores it before resuming execution, applying page protection changes while nothing is executing.
Intro
Sleep obfuscation techniques are well known in the maldev community, with different implementations. Their goal is to hide from memory scanners while sleeping, usually by changing page protections and sometimes adding features like encrypting the shellcode. There is another important point in hiding our shellcode, though: hiding the current execution thread.
Spoofing the stack is cool, but after thinking about it a bit I figured there is no need to spoof the stack... if there is no stack 🙂
The usefulness of this technique is left to the reader to judge, but in any case I think it is a nice way to review some topics and learn some maldev for those who, like me, are just starting out in this world.
The main implementation shown here keeps everything that we need to take off the stack in the data section, as global variables, but an implementation moving everything to the heap will be published soon. It aims to show the key changes that need to be made to make this code PIC and injectable.
This repository is mirrored between GitHub and GitLab.