File-less persistence, attacks and anti-forensic capabilities (Windows 7 32-bit).
NOTE: This project was NOT designed to evade AV detection.
This project is discontinued.
- Compile Kaiser.dll in Release mode
- Upload Kaiser.dll such that it can be directly downloaded as a raw binary
- Update the BuildKaiser.ps1 script to include the URL for Kaiser.dll
- Run BuildKaiser.ps1 to build the Payload.ps1 script
- Upload the Payload.ps1 script such that it can be directly downloaded as raw text
- Update the BuildKaiser.ps1 script to include the URL of Payload.ps1
- Run BuildKaiser.ps1 to build the Installer.ps1 script
- Run the Installer.ps1 script with administrative privileges on the target machine
- Threaded `XxxNetSend` sends will buffer - probably will be solved with some setsockopt magic
- `PurgeXxx` functions are not guaranteed to work (perhaps this is because it uses `ShellExecuteEx`)
- More? `CommandPrintStatus` to print the status of Kaiser?
- Convert functions in `firewall.c` to WinAPI
- [OPTIONAL] Make C2 connection loop until established
- Convert functions in `registry.c` to WinAPI
- Send debugging warnings/errors back to C2
- Make `PurgeProcessMonitor` asynchronous (`IWbemServices::ExecNotificationQueryAsync`)