API Hammering with C++20 by folding (avoiding loops)
This is a PoC that applies modern C++ techniques to compile-time API hammering.
- Using a pre-compilation script to obfuscate is difficult to develop alongside.
- Having a for loop is lame
- I was interested in this technique having read the Unit42 report and thought about the best way to replicate it.
```cpp
bloat<SIZE>([&](size_t val){
    // Our lambda receives val, which is just an incrementing index value
    // Such as CreateFile or registry stuff, anything to waste time
    bloat<SIZE>([&](size_t val){
        // You can embed these like nested loops, but it'll all be unfolded
    });
});
```
The bigger the SIZE, the longer it will take to compile and execute.
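Since the calls are unfolded rather than looped, the thing to look for on the analysis side is the dynamic trace, where the same block of API calls still appears back to back. The following is an added example, not part of this PoC, that flags such repeated blocks in an API call trace; the function name, the thresholds and the sample trace are assumptions made for illustration.

```python
# Added example: flag back-to-back repeated call blocks in an API trace.
# All names, thresholds and the sample trace are assumptions for illustration.

def find_hammering(calls, min_repeats=50, max_period=8):
    """Return repeated blocks as dicts with start index, unit and repeat count.

    A block is a unit of 1..max_period API names that occurs at least
    min_repeats times consecutively, which is what unfolded calls look like
    in a dynamic trace.
    """
    findings = []
    i, n = 0, len(calls)
    while i < n:
        best = None  # (unit, repeats) covering the most calls from position i
        for period in range(1, max_period + 1):
            unit = calls[i:i + period]
            if len(unit) < period:
                break
            reps = 1
            while calls[i + reps * period:i + (reps + 1) * period] == unit:
                reps += 1
            covered = reps * period
            if reps >= min_repeats and (best is None
                                        or covered > len(best[0]) * best[1]):
                best = (unit, reps)
        if best:
            unit, reps = best
            findings.append({"start": i, "unit": tuple(unit), "repeats": reps})
            i += len(unit) * reps  # resume after the repeated region
        else:
            i += 1
    return findings


# Constructed trace: normal startup calls, then a 4-call block repeated 100
# times (one outer call followed by three inner calls), then normal shutdown.
BLOCK = ["RegOpenKeyExW", "CreateFileW", "CreateFileW", "CreateFileW"]
SAMPLE_TRACE = (["LoadLibraryW", "GetProcAddress"] + BLOCK * 100
                + ["CloseHandle", "ExitProcess"])

if __name__ == "__main__":
    for f in find_hammering(SAMPLE_TRACE):
        print(f"offset {f['start']}: {' > '.join(f['unit'])} x{f['repeats']}")
```

When the inner block is larger than `max_period`, the inner run is reported on its own as a period-1 finding.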
Adding an element of randomness
https://unit42.paloaltonetworks.com/api-hammering-malware-families/