Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.
- This is based on Stephen Fewer's incredible Reflective Loader project:
- I created this while working through Renz0h's Reflective DLL videos from the Sektor7 Malware Developer Intermediate (MDI) Course.
- Learn how a reflective loader works.
- Write my own reflective loader in assembly.
- Compatible with Cobalt Strike.
- Cross compile from macOS/Linux.
- Figure out how to implement inline assembly in a C project.
- Use the initial project as a template for more advanced evasion techniques that leverage the flexibility of Assembly.
- Implement Cobalt Strike options such as no RWX, stompPE, module stomping, changing the MZ header, etc.
- Write a decent Aggressor script.
- Support x86.
- Have different versions of reflective loader to choose from.
- Implement HellsGate/HalosGate for the initial calls that the reflective loader uses (pNtFlushInstructionCache, VirtualAlloc, GetProcAddress, LoadLibraryA, etc.).
- Optimize the assembly code.
- Hash/obfuscate strings.
- Some kind of template language overlay that can modify/randomize the registers/methods.
- Start your Cobalt Strike Team Server with or without a profile
- At the moment I've only tested without a profile and with a few profiles generated from Tylous's epic SourcePoint project
- Go to your Cobalt Strike GUI and import the rdll_loader.cna Aggressor script
- Generate your x64 payload (Attacks -> Packages -> Windows Executable (S))
- Install mingw/gcc
- Run the compile-x64.sh shell script
- Follow the instructions above (How to Use)
- https://github.com/stephenfewer/ReflectiveDLLInjection
- I 100% recommend these videos if you're interested in reflective DLLs: