fiberAPCNTshellcodeloader is a C++ project that loads and executes shellcode through APC (Asynchronous Procedure Call) injection. It demonstrates memory allocation, in-memory shellcode decryption and execution using the Windows native (NT) API exported by ntdll rather than the higher-level Win32 wrappers.
## Features

- Shellcode loading: read an encrypted shellcode blob from a file on disk.
- Memory allocation: allocate the executable region with NT functions instead of the Win32 `VirtualAlloc` family.
- Shellcode decryption: XOR-decode the blob in memory before execution (XOR is an obfuscation layer against static signature matching, not cryptographic protection).
- APC injection: queue the decrypted shellcode as an APC so that it runs when the target thread enters an alertable state.
## Requirements

- Windows operating system
- CMake 3.29 or higher
- Visual Studio (MSVC) or another C++ compiler supported by CMake
## Build

1. Clone the repository:
   ```bash
   git clone https://github.com/yourusername/fiberAPCNTshellcodeloader.git
   cd fiberAPCNTshellcodeloader
   ```
2. Create a build directory and navigate into it:
   ```bash
   mkdir build
   cd build
   ```
3. Run CMake to generate the build files:
   ```bash
   cmake ..
   ```
4. Build the project:
   ```bash
   cmake --build .
   ```

## Usage

1. Prepare your shellcode, XOR-encrypt it with the key the loader expects, and save the result as `encrypted_shellcode.data`.
2. Run the executable:
   ```bash
   ./fiberAPCNTshellcodeloader
   ```
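The "Shellcode decryption" feature and usage step 1 both assume a blob that was XOR-encoded with the loader's key. The helper below is an added example, not code from this project: it produces `encrypted_shellcode.data` from a raw shellcode file with a repeating-key XOR (the same loop the loader has to run in reverse), and it also shows why that scheme is obfuscation rather than encryption. The key bytes, the `xorprep` tool name, the file names and the sample payload are illustrative assumptions; the real loader's key and file layout are whatever its source defines.

```cpp
// Added example, not part of fiberAPCNTshellcodeloader: prepares
// encrypted_shellcode.data with repeating-key XOR and demonstrates the
// weakness of that scheme. Key bytes, file names and the sample payload
// are illustrative assumptions.
#include <cstddef>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <iterator>
#include <stdexcept>
#include <string>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Assumed key; the loader must be compiled with the same bytes.
const Bytes kDemoKey = {0x5a, 0xa1, 0x33, 0x7c};

// Constructed stand-in for shellcode: a few x86 bytes followed by a
// zero-filled region like the ones found in real payloads' data areas.
const Bytes kDemoPayload = {0x90, 0x90, 0xcc, 0x31, 0xc0,
                            0x00, 0x00, 0x00, 0x00, 0xc3};

// Repeating-key XOR. Applying it twice with the same key restores the
// input, so encode and decode are the same function.
Bytes xorCrypt(const Bytes& data, const Bytes& key) {
    if (key.empty()) throw std::invalid_argument("XOR key must not be empty");
    Bytes out(data.size());
    for (std::size_t i = 0; i < data.size(); ++i)
        out[i] = static_cast<std::uint8_t>(data[i] ^ key[i % key.size()]);
    return out;
}

// Why XOR is only obfuscation: wherever the plaintext is known to be
// zero for keyLen consecutive bytes, the ciphertext at those positions
// is the key itself, rotated by offset % keyLen.
Bytes keyFromKnownZeros(const Bytes& ciphertext, std::size_t offset,
                        std::size_t keyLen) {
    if (offset + keyLen > ciphertext.size())
        throw std::out_of_range("zero run does not fit in ciphertext");
    return Bytes(ciphertext.begin() + static_cast<std::ptrdiff_t>(offset),
                 ciphertext.begin() + static_cast<std::ptrdiff_t>(offset + keyLen));
}

// Binary-mode file helpers (no newline translation on Windows).
Bytes readFile(const std::string& path) {
    std::ifstream in(path, std::ios::binary);
    if (!in) throw std::runtime_error("cannot open " + path);
    return Bytes(std::istreambuf_iterator<char>(in),
                 std::istreambuf_iterator<char>());
}

void writeFile(const std::string& path, const Bytes& data) {
    std::ofstream out(path, std::ios::binary);
    if (!out) throw std::runtime_error("cannot create " + path);
    out.write(reinterpret_cast<const char*>(data.data()),
              static_cast<std::streamsize>(data.size()));
}

// xorprep <raw_shellcode.bin> [encrypted_shellcode.data]
int main(int argc, char** argv) {
    if (argc < 2) {
        std::cerr << "usage: xorprep <raw_shellcode.bin> [encrypted_shellcode.data]\n";
        return 1;
    }
    const std::string outPath = argc > 2 ? argv[2] : "encrypted_shellcode.data";
    try {
        Bytes raw = readFile(argv[1]);
        writeFile(outPath, xorCrypt(raw, kDemoKey));
        std::cout << "wrote " << raw.size() << " bytes to " << outPath << '\n';
    } catch (const std::exception& e) {
        std::cerr << "error: " << e.what() << '\n';
        return 1;
    }
    return 0;
}
```

Build it with any C++17 compiler and run `xorprep raw.bin encrypted_shellcode.data`. Because each key byte is reused every `key.size()` positions, any stretch of predictable plaintext at least as long as the key (zero padding, a well-known prologue) hands the key to an analyst, which is what `keyFromKnownZeros` shows. That is adequate for defeating static signature matching, which is all this project claims, but it provides no confidentiality for the payload.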
## Detection

- VirusTotal: the compiled loader is flagged by 6 engines. You can view the detailed report here.
- Bypass (Cobalt Strike Beacon payload): with a Cobalt Strike Beacon as the payload, the loader runs undetected by 360 Total Security and Huorong (火绒).

These results are a point-in-time snapshot; vendor signatures update, so the same binary may be flagged later.
## Disclaimer

This project is for educational purposes only. Use it responsibly and only in environments where you have explicit permission to test.
## License

This project is licensed under the MIT License. See the LICENSE file for more details.