TerraLdr - A Payload Loader Designed With Advanced Evasion Features
Jan. 10, 2023, 11:30 a.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
Details:
- no CRT functions imported
- syscall unhooking using KnownDllUnhook
- API hashing using the Rotr32 hashing algorithm
- payload encryption using RC4 - payload is saved in .rsrc
- process injection - targeting 'SettingSyncHost.exe'
- PPID spoofing & blockdlls policy using NtCreateUserProcess
- stealthy remote process injection - chunking
- using debugging & NtQueueApcThread for payload execution
Usage:
- use GenerateRsrc to update DataFile.terra, which is the payload saved in the .rsrc section of the loader
Thanks For: