Applying this technique to other tools about mortar HOT 9 CLOSED

thanks for your test, I think running some of these assembles bins is not that possible, but I will do some testing later, in both ways can you share with me some screenshots of your testing results for BitDefender,Norton like doing mimikatz or meterpreter

from mortar.

Thanks for your response, hope that you find a way to make it work! 😊

Sadly Bitdefender then blocks the access to lsass. I didn't find a way to bypass that restriction.

The only change i have made in the code of the AggresorBD2.DLL, is in the stealth call:
C:\Program Files\Palo Alto Networks\Traps\CyveraConsole.exe to C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe

from mortar.

I think Bitdefender can prevent access to lsass. mortar is not designed to bypass hooks while it is made to load bins into memory. would be better if you tried also meterpreter/CS so I can include that into my research.tnx

from mortar.

The meterpreter session works perfectly, it gets detected by bitdefender but it still keeps on running

Even the Mimikatz module doesn't get detected or blocked 😉

from mortar.

thanks for the testing, please tag me on Twitter with your results. @zux0x3a

from mortar.

But i still have a question, is there a way where we could apply this technique to other tools that run once, such as WinPEAS or PowerUp?

Did you find any way to make this work? I think you closed this issue by mistake.

from mortar.

i will make it open until has some results in my pocket, thanks for your testing

from mortar.

mortar loader can't support loading assemblies into memory, I would suggest using functions such as execute-assemblies within cobalt-strike or alternative.

from mortar.

Hi, please when someone sees that reply contact me via mail or just reply here, I kind of need help with one of the tools you mentioned here.
Thanks 🙏

from mortar.