
Shellcode Injector that obtains system call opcodes using the Halo's Gate method to evade EDR Hooks.

Nim-HalosGate-Injector

My Nim implementation of the classic shellcode injector, using Halo's Gate to retrieve system call opcodes dynamically from NTDLL even when EDR API hooks are in place.

It relies heavily on other implementations, so huge thanks to SEKTOR7 [1] for implementing this technique and to @am0nsec and @RtlMateusz for writing the Hell's Gate paper in the first place [2]. Thanks also to @zimawhit3 for his Nim Hell's Gate implementation [3] :)

Usage

Usage is straightforward: compile the binary with Nim:

nim c -d=mingw --app=console --cpu=amd64 HalosGate.nim

Then run it on the target machine, passing the PID of the process into which the shellcode should be injected:

./HalosGate.exe <PID>