A shellcode injector that bypasses the Attack Surface Reduction (ASR) rule that blocks arbitrary code execution. This script was created from the knowledge gained from the RTO2 course.

This injector uses the QueueUserAPC function to inject shellcode from C2s such as Cobalt Strike into a system process. It currently injects into calc.exe (Calculator), but users can change this to any process they want. Users should use a converter such as GadgetToJScript to convert it to VBA, JS, HTA or other formats and then execute it to bypass detections. Users may also need to tweak the APIs used in order to bypass detection, depending on the target they want to bypass.
- Generate shellcode in C# format and add it to the injector, then use GadgetToJScript to convert it to JS format and execute it.
Cobalt Strike received a beacon
- Generate the shellcode in VBA format and inject it into Word macros.