Skip to content

Maldev-Academy/Christmas

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 

Repository files navigation

Maldev Academy

Maldev Academy Home

Maldev Academy Syllabus

Christmas

Implementing an injection method mentioned by @Hexacorn.

This PoC creates multiple processes, where each process performs a specific task as part of the injection operation. Each child process will spawn another process and pass the required information via the command line. The program follows the steps below:

  1. The first child process creates the target process where the payload will be injected. The handle is inherited among all the following child processes.
  2. The second child process will allocate memory in the target process.
  3. The third child process will change the previously allocated memory permissions to RWX.
  4. Following that, for every 1024 bytes of the payload, a process will be created to write those bytes.
  5. Lastly, another process will be responsible for payload execution.

The PoC uses the RC4 encryption algorithm to encrypt a Havoc Demon payload. The program, ChristmasPayloadEnc.exe, will be responsible for encrypting the payload, and padding it to be multiple of 1024 (as required by the injection logic).


Demo: Bypassing MDE using Havoc's Demon payload


image_2023-12-24_00-31-46 image_2023-12-24_00-31-24

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages