Shhhloader is a SysWhispers Shellcode Loader that is currently a Work in Progress. It takes raw shellcode as input and compiles a C++ stub that has been integrated with SysWhispers in order to bypass AV/EDR. The included Python builder will work on any Linux system that has MinGW-w64 installed.
The tool has been confirmed to successfully load Meterpreter and a Cobalt Strike beacon on fully updated systems with Windows Defender enabled. The project itself is still in a PoC/WIP state, as it currently doesn't work with all payloads.
Features:
- 5 Different Shellcode Execution Methods (ProcessHollow, QueueUserAPC, RemoteThreadContext, RemoteThreadSuspended, CurrentThread)
- PPID Spoofing
- Block 3rd Party DLLs
- Syscall Name Randomization
- XOR Encryption with Dynamic Key Generation
- Sandbox Evasion via Loaded DLL Enumeration
- Sandbox Evasion via Checking Processors, Memory, and Time
Tested and Confirmed Working on:
- Windows 10 21H1 (10.0.19043)
- Windows 10 20H2 (10.0.19042)
- Windows Server 2019 (10.0.17763)
Last Scan Results as of 15/04/22 (Meterpreter):
