klezVirus/SharpSelfDelete

Stars
147
Rank 251,347 (Top 5 %)
Language
C#
License
GNU General Publi...
Created about 3 years ago
Updated about 3 years ago

klezVirus/SharpSelfDelete

klezVirus

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

C# implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs

SharpSelfDelete

C# implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs

Why?

Well, for fun I guess, and to add another module for Inceptor.

How do I run this?

Clone the project
Load the .csproj in VS2019 or similar
Build the project
Run the SharpSelfDelete.exe

Ok, How do I use it, for real?

Well, I guess the best way to use it is to take the code, and adapt it to an existing implant. There is no recommended way to do it, as long as it works.

Thanks

Huge thanks to EthicalChaos for helping me out with a Marshalling issue.

Credit

The original research was done by Jonas Lyk, the screenshot showing the technique can be found here

The first PoC in C was created by @LloydLabs: delete-self-poc

A while ago, Espresso Cake created a BOF version, available at Self_deletion_BOF.

Any known downsides?

This is just a PoC using P/Invoke, so the known downsides are the same of any implant using P/Invoke to invoke Windows APIs.

inceptor

Template-Driven AV/EDR Evasion Framework

SysWhispers3

SysWhispers on Steroids - AV/EDR evasion via direct system calls.

CVE-2021-40444

CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit

CheeseTools

Self-developed tools for Lateral Movement/Code Execution

SilentMoonwalk

PoC Implementation of a fully dynamic call stack spoofer

chameleon

PowerShell Script Obfuscator

vortex

VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit

CandyPotato

Pure C++, weaponized, fully automated implementation of RottenPotatoNG

DriverJack

Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths

NimlineWhispers3

A tool for converting SysWhispers3 syscalls for use with Nim projects

RpcProxyInvoke

Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar

klezVirus.github.io

SharpLdapRelayScan

C# Port of LdapRelayScan

koppeling-p

Adaptive DLL hijacking / dynamic export forwarding - EAT preserve

DCKFinder

Dangling COM Keys Finder

deser-node

NodeJS Deserialization Payload Generator

codegrepper

Pure python, self-contained, silly implementation of a SAST tool

mapt-run

Simple script to setup a local hosted network for Mobile Application Penetration Testing

faceless

Faceless - Simple Tool for Text-File Anonymization

msf-revhttp-gen

Little utility to facilitate Metasploit Reverse HTTP Payloads

nmap-report

A simple tool that can be use to extract usful information from a nmap scan

CryptoCheck

NIST-CAVS Extended - Encryption Auto Testing Toolkit

deser-py

Python Deserialization Payload Generator

deser-ruby

Ruby Deserialization Payload Generator

nx_reporter

Rapid7 Nexpose template-based report generator

muts-opt-encoder

Independent implementation of the optimized SUB-Encoder

klezVirus

Temporary unavailable...

php-ipfinder

A simple tool to enumerate various info on a set of IP addresses

cves

Public Advisories Redirector

cors-security-remove

Posts

Offensive Security Certifications Reviews

oldrivrs

some old drivers and misc crap from a while ago