README.md: 14 additions & 0 deletions
@@ -195,6 +195,20 @@ Unhook is done.
195
195
196
196
---
197
197
198
+
## Final remark
199
+
200
+
This PoC was designed to work with Cobalt Strike's Beacon shellcodes. The Beacon is known to call out to `kernel32!Sleep` to await further instructions from its C2.
201
+
This loader leverages that fact by hooking `Sleep` in order to perform its housekeeping.
202
+
203
+
This implementation might not work with other shellcodes in the market (such as _Meterpreter_) if they don't use `Sleep` to cool down.
204
+
Since this is merely a _Proof of Concept_ showing the technique, I don't intend on adding support for any other C2 framework.
205
+
206
+
When you understand the concept, surely you'll be able to translate it into your shellcode requirements and adapt the solution for your advantage.
207
+
208
+
Please do not open Github issues related to "this code doesn't work with XYZ shellcode", they'll be closed immediately.
209
+
210
+
---
211
+
198
212
### ☕ Show Support ☕
199
213
200
214
This and other projects are outcome of sleepless nights and **plenty of hard work**. If you like what I do and appreciate that I always give back to the community,
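Review bot: In the added "Final remark" section, "might not work with other shellcodes in the market" is vaguer than the two sentences before it warrant. Since the loader does its housekeeping from the hooked `kernel32!Sleep`, state the requirement directly (the payload has to call `Sleep` for the hook to fire) and consider titling the section "Limitations" so readers see it before filing issues. Minor points: "Github" should be "GitHub", the sentence "Please do not open Github issues related to ..., they'll be closed immediately" is a comma splice, and the new `## Final remark` heading makes the following `### ☕ Show Support ☕` its subsection in the rendered outline.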