MalwareDevelopment

The projects I'm more confident in while learning malware development

Primary language: Assembly

Loaders:

NtCreateThreadEx: This loader is nothing special. It tests the use of NtCreateThreadEx to execute shellcode in a remote process. It also hides the thread creation from debuggers.

Chunk Loader: Practicing the chunking/drip allocation methods developed by Filip Olszak: https://github.com/xuanxuan0/. "Evasive shellcode loader for bypassing event-based injection detection, without necessarily suppressing event collection." Note: there are quite a few opsec blunders here, and things left in or out on purpose. The point of this was to practice the allocation techniques, not to create a great loader.

Threadless Inject: Threadless process injection using remote function hooking, inspired by Cobb's Threadless Inject presentation. Also known as a hook loader. We hook a function in a remote process, overwrite it with shellcode (either a trampoline or the payload), and wait for the process to call that function naturally.

Xll: Practicing DLL hijacking/ghosting and function exports to create different payload types.

KCT: Testing Kernel Callback Table execution with EnumDisplayMonitors. The WinINet library is loaded dynamically just to practice another method of using libraries. This also uses chunked allocation and was compiled WITHOUT the CRT.

NodeAddon: Node allows C++ add-ons. The two here are tests of shellcode execution, exporting functions, and usage of Windows APIs from these add-ons.

Shellcodes:

Currently I don't have much publicly. Both sleep and PIC sleep are available.

Important!! There are obvious opsec blunders here. That, or I used a less than preferred method for things. This is on purpose. Each project is meant to practice a very specific implementation.

Examples of things I do, but that aren't present here:

I do not use SysWhispers for any kind of syscalls

I do not leave the CRT in any projects

I do add encryption/compression to projects

I pick injection targets more wisely

I do not overwrite function prologues without restoring original functionality

Multiple individuals helped me out, continue to push me to be better, had their code directly used in some of these implementations, or produced incredible research that was used.

@0xTriboulet @Cracked5pider @mrd0x @xiulan @0prrr

Additionally, if you ever need help, motivation, or a second pair of eyes on your projects, come join Maldev Academy and enter the Discord!