An modern 64-bit position independent implant template.
#include <Common.h>
#include <Constexpr.h>
FUNC VOID Main(
_In_ PVOID Param
) {
STARDUST_INSTANCE
PVOID Message = { 0 };
//
// resolve kernel32.dll related functions
//
if ( ( Instance()->Modules.Kernel32 = LdrModulePeb( H_MODULE_KERNEL32 ) ) ) {
if ( ! ( Instance()->Win32.LoadLibraryW = LdrFunction( Instance()->Modules.Kernel32, HASH_STR( "LoadLibraryW" ) ) ) ) {
return;
}
}
//
// resolve user32.dll related functions
//
if ( ( Instance()->Modules.User32 = Instance()->Win32.LoadLibraryW( L"User32" ) ) ) {
if ( ! ( Instance()->Win32.MessageBoxW = LdrFunction( Instance()->Modules.User32, HASH_STR( "MessageBoxW" ) ) ) ) {
return;
}
}
Message = NtCurrentPeb()->ProcessParameters->ImagePathName.Buffer;
//
// pop da message
//
Instance()->Win32.MessageBoxW( NULL, Message, L"Stardust MessageBox", MB_OK );
}
I have written a Blog post about how it fully works and the reason behind it.
What is a Software Supply Chain Attack? A software supply chain attack occurs when a…
When people ask how UDP works, the simplest answer is this: UDP sends data quickly…
Endpoint Detection and Response (EDR) solutions have become a cornerstone of modern cybersecurity, designed to…
A large-scale malware campaign leveraging AI-assisted development techniques has been uncovered, revealing how attackers are…
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
People trying to securely connect to work are being tricked into doing the exact opposite.…