Skip to content

icryo/Undergrowth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

72 Commits
projects
projects
 
 
templates
templates
 
 
tools
tools
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
undergrowth.py
undergrowth.py
 
 

Repository files navigation

Undergrowth - Under active development

picture alt

Undergrowth is a malware POC templating tool. Useful if you want to try to invoke shellcode from disk or reflection it in more evasive ways.

Undergrowth uses 128-bit AES encryption and a randomly generated IV to encrypt shellcode then decrypt it in memory. Templates may be private or public.

Supported Injection Templates

  • CreateRemoteThread
  • MapViewofSection
  • UUID

Additional Tools

Grunt Obfuscator

Roadmap

  • APCQueueInject
  • SRDI
  • Loaded DLL Hollowing
  • Phantom DLL Hollowing
  • Fiber Shellcode Execution
  • ACG Functionality
  • Dynamically resolved syscalls
  • Non Emulated API execution support
Additional Payload Obfuscators - Beacon, Merlin

For a better understanding of the 'why' review: https://www.forrest-orr.net/post/masking-malicious-memory-artifacts-part-iii-bypassing-defensive-scanners

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages