SILENTTRINITY

Port over the SharpSploit Mimikatz PE Loading code to Boolang

Open • byt3bl33d3r opened this issue 6 years ago • 1 comment

Currently, the Mimikatz module embeds a custom version of SharpSploit to load and execute the Mimikatz DLLs in memory (it's just calling Assembly.Load() on it). From an Opsec perspective this sucks cause it's a static assembly, doesn't get dynamically compiled on the endpoint and it's just another thing AMSI can trigger on in .NET 4.8.

Ideally I would LOVE to port over the SharpSploit PE Loading code to Boolang so this entire issue goes away but it's def not trivial and is going to require a decent amount of time.

byt3bl33d3r, Aug 28 '19 19:08

Documenting for progress. x86 code works. Just gotta figure out why x64 crashes in a random spot.

daddycocoaman, Oct 01 '19 20:10