Comments (9)
Thanks for your test. I think running some of these assembly bins is not that possible, but I will do some testing later. Either way, can you share with me some screenshots of your testing results for BitDefender and Norton, like doing mimikatz or meterpreter?
from mortar.
Thanks for your response, hope that you find a way to make it work! 😊
Sadly, Bitdefender then blocks access to lsass. I didn't find a way to bypass that restriction.
The only change I have made in the code of AggresorBD2.DLL is in the stealth call:
C:\Program Files\Palo Alto Networks\Traps\CyveraConsole.exe
to C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
I think Bitdefender can prevent access to lsass. mortar is not designed to bypass hooks; it is made to load bins into memory. It would be better if you also tried meterpreter/CS so I can include that in my research. Thanks.
The meterpreter session works perfectly; it gets detected by Bitdefender, but it still keeps running.
Even the Mimikatz module doesn't get detected or blocked 😉
Thanks for the testing. Please tag me on Twitter with your results: @zux0x3a
But I still have a question: is there a way we could apply this technique to other tools that run once, such as WinPEAS or PowerUp?
Did you find any way to make this work? I think you closed this issue by mistake.
I will keep it open until I have some results in my pocket. Thanks for your testing.
mortar loader can't support loading assemblies into memory. I would suggest using functions such as execute-assembly within Cobalt Strike or an alternative.
Hi, please, when someone sees this reply, contact me via mail or just reply here. I kind of need help with one of the tools you mentioned here.
Thanks 🙏