Jump to content
Guest Kovalski

Hackyard - Dynamic Shellcode Injection

Recommended Posts

Guest Kovalski

The injection points are based on the execution flow of the executable.

Dynamic shellcode injection mean that the start of the injected code does NOT occur in locations that are based on very strict rules, such as the "entry point of an executable" or at a "statically predictable location".

Shellter will actually trace the execution flow of an application in userland and it will log those instructions and locations that are in the range of the executable where the injection will take place.

Once the tracing has finished, Shellter will filter the execution flow based on the size of the code that is about to be injected and it will only consider the valid injection points based on various filtering parameters.

Link to comment
Share on other sites

Guest Kovalski

Ai explicatia inainte de videoclip, plus ca iti ia fix 7 minute sa te uiti la clip sa vezi despre ce este vorba in caz ca explicatia de mai sus nu este suficienta.

:)

"Shellter

Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created.

It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only).

The shellcode can be something yours or something generated through a framework, such as Metasploit.

Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions in sections (unless the user wants), adding an extra section with RWE access,and whatever would look dodgy under an AV scan.

Shellter uses a unique dynamic approach which is based on the execution flow of the target application."

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...