
Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution


ProcessusT/Venoma


Venoma



Yet another ☠️ Cobalt Strike ☠️ beacon dropper



A custom C++ raw beacon dropper with:

Compile Time API Hashing
Run-Time Dynamic Linking
PPID spoofing
DLL Unhooking (Fresh + Perun's fart)
ETW Patching
EnumPageFilesW execution
Local & remote APC Execution
Indirect syscall execution
Cobalt Strike Artifact kit integration
Self deletion


All functions are included; choose what you need and remove anything else before compiling.









Cobalt Strike artifact kit integration


> Compile the project and rename the binary to artifact64big.exe
> Add your own artifact.cna in the same folder
> Load your cna into Cobalt Strike and generate a stageless Windows payload
> Enjoy
Video tutorial here: https://www.youtube.com/watch?v=tGa3xJymEfY



What da fuck is this?


I would learn more about antivirus evasion, so I made a video on YouTube:
https://www.youtube.com/watch?v=lFO2bPzxLGI

