This tool is designed to bypass Windows Defender's detection mechanisms so that payloads run on Windows systems without raising security alerts. It combines several techniques for encoding, disguising and injecting payloads, giving security professionals, red teams and penetration testers a way to gain access without being detected.
Features
Self-injection (XOR-encoded payload)
Self-injection (AES-encrypted payload)
Process injection into spoolsv.exe (can be used for lateral movement)
Process hollowing
Self-deleting payload (expect a delay of close to a minute before the payload executes)
DLL side-loading via rundll32 (AppLocker bypass)
Process injection into explorer.exe
PowerShell loader (bypasses Defender even with cloud-delivered protection enabled; run the payload twice; x64 payloads only)
AppLocker bypass for small shellcode (x86 payloads only; rename the .exe after every run on the same target; run the payload twice)
AppLocker bypass for Havoc or other large shellcode (x86 payloads only)
Indirect syscall loader (Windows 10; potential EDR bypass)
download: