- Joined
- Jan 8, 2019
- Messages
- 56,613
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,454
- Points
- 2,313
- Credits
- 32,650
6 Years of Service
76%
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.
Based on Stephen Fewer’s incredible Reflective Loader project
Created while working through Renz0h’s Reflective DLL videos from the Sektor7 Malware Developer Intermediate (MDI) Course
Initial Project Goals
Learn how Reflective Loader works.
Write a Reflective Loader in Assembly.
Compatible with Cobalt Strike.
Cross compile from macOS/Linux.
Implement Inline-Assembly into a C project.
Future Project Goals
Use the initial project as a template for more advanced evasion techniques leveraging the flexibility of Assembly.
Implement Cobalt Strike options such as no RWX, stompPE, module stomping, changing the MZ header, etc.
Write a decent Aggressor script.
Support x86.
Have different versions of the reflective loader to choose from.
Implement HellsGate/HalosGate for the initial calls that reflective loader uses (pNtFlushInstructionCache, VirtualAlloc, GetProcAddress, LoadLibraryA, etc).
Optimize the assembly code.
Hash/obfuscate strings.
Some kind of template language overlay that can modify/randomize the registers/methods.