fix: update links to project repos

ae 2024-09-06 13:30:35 +03:00
parent 2c7dcea6ba
commit b27c6b31f1
Signed by: ae
GPG Key ID: 995EFD5C1B532B3E

@ -23,7 +23,7 @@ Implementing a reflective loader myself provided a great insight into PE files a
## Implementation ## Implementation
The complete implementation can be found from [the Github repository](https://github.com/17ms/airborne). The following explanations focus on the loader itself as the supporting components (process injector, shellcode generator, and payload) are basically just pasted from existing implementations mentioned in the [references](#references). The complete implementation can be found from [the Gitea repository](https://umbrella.haus/ae/airborne). The following explanations focus on the loader itself as the supporting components (process injector, shellcode generator, and payload) are basically just pasted from existing implementations mentioned in the [references](#references).
The following helper functions are utilized to make the RVA calculations a bit easier to read: The following helper functions are utilized to make the RVA calculations a bit easier to read:
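Review bot: The new link text on the changed line names the hosting software ("the Gitea repository"), so the prose will need another edit the next time the repository moves; neutral wording such as "the project repository" leaves the host to the URL alone. While this line is being touched, "can be found from" reads better as "can be found in".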
@ -656,7 +656,7 @@ As hinted in the previous sections, the loader utilizes a few trivial obfuscatio
- XOR encrypted payload shellcode - XOR encrypted payload shellcode
- Unique key generated during shellcode generation - Unique key generated during shellcode generation
If we take a look at the whole [repository](https://github.com/17ms/airborne), we can identify the PoC injector (utilizing plain `CreateRemoteThread`) as quite apparent weak link in the chain. Projects like [BypassAV by matro7sh](https://github.com/matro7sh/BypassAV) display a variety of a lot better techniques, if one is interested in improving in that area: If we take a look at the whole [repository](https://umbrella.haus/ae/airborne), we can identify the PoC injector (utilizing plain `CreateRemoteThread`) as quite apparent weak link in the chain. Projects like [BypassAV by matro7sh](https://github.com/matro7sh/BypassAV) display a variety of a lot better techniques, if one is interested in improving in that area:
<a href="https://github.com/matro7sh/BypassAV" target="_blank" style="text-decoration: none;"> <a href="https://github.com/matro7sh/BypassAV" target="_blank" style="text-decoration: none;">
<p align="center"> <p align="center">
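Review bot: The changed sentence hard-codes https://umbrella.haus/ae/airborne a second time, the same literal URL the earlier hunk introduces, so any future move has to be applied in both places and one can be missed. A single reference-style link definition such as `[repo]: https://umbrella.haus/ae/airborne`, used from both sentences, would reduce this to a one-line change. The same line is also missing an article in "as quite apparent weak link", which could be fixed in this commit since the line is already modified.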