fix: update links to project repos
parent
2c7dcea6ba
commit
b27c6b31f1
@ -23,7 +23,7 @@ Implementing a reflective loader myself provided a great insight into PE files a
|
|||||||
|
|
||||||
## Implementation
|
## Implementation
|
||||||
|
|
||||||
The complete implementation can be found from [the Github repository](https://github.com/17ms/airborne). The following explanations focus on the loader itself as the supporting components (process injector, shellcode generator, and payload) are basically just pasted from existing implementations mentioned in the [references](#references).
|
The complete implementation can be found from [the Gitea repository](https://umbrella.haus/ae/airborne). The following explanations focus on the loader itself as the supporting components (process injector, shellcode generator, and payload) are basically just pasted from existing implementations mentioned in the [references](#references).
|
||||||
|
|
||||||
The following helper functions are utilized to make the RVA calculations a bit easier to read:
|
The following helper functions are utilized to make the RVA calculations a bit easier to read:
|
||||||
|
|
||||||
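Review bot: The new repository URL on the changed line is written inline here and again in the hunk at line 656, so the next move of the repo needs the same two edits; define it once as a reference-style link (for example `[repo]: https://umbrella.haus/ae/airborne`) and use `[the Gitea repository][repo]` in both places. While the sentence is being touched, "can be found from" reads better as "can be found in".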
@ -656,7 +656,7 @@ As hinted in the previous sections, the loader utilizes a few trivial obfuscatio
|
|||||||
- XOR encrypted payload shellcode
|
- XOR encrypted payload shellcode
|
||||||
- Unique key generated during shellcode generation
|
- Unique key generated during shellcode generation
|
||||||
|
|
||||||
If we take a look at the whole [repository](https://github.com/17ms/airborne), we can identify the PoC injector (utilizing plain `CreateRemoteThread`) as quite apparent weak link in the chain. Projects like [BypassAV by matro7sh](https://github.com/matro7sh/BypassAV) display a variety of a lot better techniques, if one is interested in improving in that area:
|
If we take a look at the whole [repository](https://umbrella.haus/ae/airborne), we can identify the PoC injector (utilizing plain `CreateRemoteThread`) as quite apparent weak link in the chain. Projects like [BypassAV by matro7sh](https://github.com/matro7sh/BypassAV) display a variety of a lot better techniques, if one is interested in improving in that area:
|
||||||
|
|
||||||
<a href="https://github.com/matro7sh/BypassAV" target="_blank" style="text-decoration: none;">
|
<a href="https://github.com/matro7sh/BypassAV" target="_blank" style="text-decoration: none;">
|
||||||
<p align="center">
|
<p align="center">
|
||||||
|
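Review bot: The context line `<a href="https://github.com/matro7sh/BypassAV" target="_blank" ...>` at the end of this hunk opens a new tab without `rel="noopener noreferrer"`; since this commit is already a pass over the links in this section, add the attribute there so the behaviour does not depend on browser defaults. On the changed line itself, "as quite apparent weak link" is missing an article ("as a quite apparent weak link"), and the link text "repository" could name the host the way the first hunk does ("the Gitea repository") for consistency.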