PhantomReg is a Python-based registry exploit generator designed to inject malicious payloads into the Windows startup process via the registry. It includes a base64-encoded PowerShell payload and optional obfuscation to evade detection by antivirus software.
PhantomReg allows for the creation of registry files (.reg) that modify the Windows startup to run a malicious PowerShell script. The payload is encoded to evade detection, and the program offers an option for obfuscation, making it harder for security tools to detect the exploit.
The generated .reg file adds entries to the Windows registry (Shell and Userinit) to run a PowerShell command that executes a payload when the system starts. The script can be used for educational purposes or to simulate malware payloads in a controlled environment.
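An added defender-side check, not part of the post or of the tool it describes: a small Python parser that reads the text of a .reg file and flags Winlogon Shell or Userinit values that deviate from the stock defaults, which is exactly the modification the post says the generated file makes. The sample .reg text below is constructed for the example, the `-enc` argument in it is a placeholder and not a payload, the "expected" values assume a default 64-bit Windows install, and the code checks both the HKLM and HKCU Winlogon keys (an assumption; the post does not say which hive the tool writes to).

```python
import re

# Constructed sample .reg file shaped like the kind of Winlogon modification described above.
# BASE64_PLACEHOLDER stands in for the encoded command; it is not a real payload.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,powershell.exe -enc BASE64_PLACEHOLDER"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"""

# Winlogon keys to audit. Assumption: both the machine-wide and the per-user key matter.
WINLOGON_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
)

# Stock values on a default Windows install (assumption: default system drive and paths).
EXPECTED = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}

# Strings that indicate a script host has been chained into the logon sequence.
SCRIPT_HOST = re.compile(r"powershell|-enc\b|-encodedcommand|cmd\.exe|wscript|cscript|mshta", re.I)


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: data}} for quoted (REG_SZ) values only."""
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if m and current is not None:
            name, data = m.group(1), m.group(2)
            # .reg syntax escapes backslashes and double quotes inside string data.
            data = data.replace('\\"', '"').replace("\\\\", "\\")
            result[current][name] = data
    return result


def audit_winlogon(text):
    """Return (key, value_name, data, reason) for Shell/Userinit values that differ from defaults."""
    findings = []
    parsed = parse_reg(text)
    for key in WINLOGON_KEYS:
        values = parsed.get(key, {})
        for name, expected in EXPECTED.items():
            if name not in values:
                continue
            data = values[name]
            if data.lower() == expected.lower():
                continue
            reason = "non-default value"
            if SCRIPT_HOST.search(data):
                reason = "non-default value invoking a script host"
            findings.append((key, name, data, reason))
    return findings


if __name__ == "__main__":
    for key, name, data, reason in audit_winlogon(SAMPLE_REG):
        print(f"{reason}: {key}\\{name} = {data!r}")
```

Run against the constructed sample, the audit reports the Shell value (it chains powershell.exe after explorer.exe) and stays silent on the Userinit value, which still matches the default. The same function works on any .reg file an analyst exports from a host, so the check can run before a file is imported or as part of triage after the fact.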
Features
- Base64-Encoded Payload: The PowerShell script is base64-encoded to avoid detection by basic text-based scanners.
- Obfuscation: The payload can be obfuscated with random byte insertion, making it harder to detect by antivirus software.
- Customizable Filename: Choose a misleading name for the .reg file to make it harder to identify as malicious.
- Support for Custom Payloads: You can inject custom binary payloads into the registry file.