Kali Linux

SharpEventPersist : Persistence By Writing/Reading Shellcode From Event Log

SharpEventPersist is a Persistence by writing/reading shellcode from Event Log.

Usage

The SharpEventPersist tool takes 4 case-sensitive parameters:

  • -file “C:\path\to\shellcode.bin”
  • -instanceid 1337
  • -source Persistence
  • -eventlog “Key Management Service”.

The shellcode is converted to hex and written to the “Key Management Service”, event level is set to “Information” and source is “Persistence”.
Run the SharpEventLoader tool to fetch shellcode from event log and execute it. Ideally this should be converted to a DLL and sideloaded on program start/boot.
Remember to change the Event Log name and instanceId in the loader, if not running with default values.

Default values will leave the following artifact:

  • A new key will be written to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service named “Persistance”.
  • This new “Persistance” key will not have a provider GUID or TypesSupported which the default key “KmsRequests” have. This can be used to build detections.
R K

Recent Posts

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

13 hours ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

15 hours ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

17 hours ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

17 hours ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

17 hours ago

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

2 days ago