Skip to content

Injects shellcode into remote processes using direct syscalls

Notifications You must be signed in to change notification settings

JohnWoodman/stealthInjector

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 

Repository files navigation

stealthInjector

Injects shellcode into remote processes using direct syscalls.

Direct syscalls will bypass a lot of AV/EDR detection techniques such as API userland hooking and monitoring.

The syscalls are retrieved dynamically through reading ntdll.dll instead of using hardcoded assembly. The advantage of retrieving the syscalls dynamically is that you don't have to worry about syscalls changing between Windows versions/patches, and you don't have to hardcode assembly which takes up space and time.

Usage

Usage: stealthInjector.exe -shellcode <file> [-spawnProc | -pid <num>] [-unsafe]

-spawnProc: spawn nslookup.exe and inject into that
-pid <num>: inject into remote process given PID
-unsafe: inject shellcode using high-level API calls (likely to get caught by AV/EDR)
-shellcode <file>: raw shellcode to inject

About

Injects shellcode into remote processes using direct syscalls

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published