Skip to content
/ RemoteMemorymodule Public

Load the evilDLL from socket connection without touch disk

14 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

evilashz/RemoteMemorymodule

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
Client
Client
 
 
Server
Server
 
 
README.md
README.md
 
 

Repository files navigation

RemoteMemorymodule

Load the evilDLL from socket connection without touch disk

Inspired by @Rvn0xsy and the famous MemoryModule project

Server

Maked a simple socket server via c++ which is called PigSender(only work on Linux)

Responsible for processing the request sent by the client and transferring the DLL

Client

  1. Added a simple anti-simulation method, and receive DLL file from remote Server

  2. Finally, simply call MemoryModule

Usage:

  1. Put your DLL on the VPS and specify the file to be sent and the listening port

image-20210810085812853

  1. In the Client, just specify the address listened in the first step

image-20210810085922601

Of course, for better results, you can encrypt the traffic in network transmission, cause the feature of PE files are very obvious

Thanks to this excellent "non-landing" technology, you can use this project to reduce the pain of evasion anti-virus in some temporary environments

About

Load the evilDLL from socket connection without touch disk

Topics

redteam cobaltstrike

Resources

Readme
Activity

Stars

14 stars

Watchers

2 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages