ChaiLdr – AV Evasive Payload Loader represents a cutting-edge approach in malware development, blending innovative evasion techniques to bypass modern antivirus solutions.
Crafted with advanced concepts learned in malware engineering, this tool introduces a new level of sophistication in delivering payloads undetected.
From indirect syscalls and API hammering to HTTP/S shellcode staging, ChaiLdr sets a new benchmark in the realm of cybersecurity threats.
A simple shellcode loader built with the concepts of Malware development I have learnt till now.
CRT Library Removal : I tried a lot to get the payload working with CRT Library removed and make it independent with custom intrinsic functions for – memcpy, memset, rand, stand, etc, but ended up with a lot of crashes and after hours of debugging couldn’t get it working, I’ll incorporate it into a dev branch soon enough.
I have used minicrt, MiniCRT, etc for references but still couldn’t get it to work.
Shellcode Encryption : The shellcode is fetched from a remote server, providing SSL support. I haven’t incorporated any shellcode encryption, when used with Havoc, Havoc provides Sleep encryption.
Why not HellsGate? : HellGate incorporated only direct syscalls, HellsHall uses indirect syscalls, but I’m still learning that and will build my custom implementation of it in the future
EDR Evasion? : This is a simple shellcode payload loader, it can bypass a lot of antivirus software and some EDRs but the techniques it incorporates aren’t the best, so as I keep learning I’ll make better loaders!
General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…
How to Send POST Requests Using curl in Linux If you work with APIs, servers,…
If you are a Linux user, you have probably seen commands like chmod 777 while…
Vim and Vi are among the most powerful text editors in the Linux world. They…
Working with compressed files is a common task for any Linux user. Whether you are…
In the digital era, an email address can reveal much more than just a contact…