I am releasing code to help attackers patch their binaries on the fly to avoid checksum-based detections.
As I mentioned in a previous article, https://penconsultants.com/traditional-iocs-suck/, checksum-based detections are close to worthless. But, they are still used by AV vendors, intel feeds, proxy and endpoint-based detections, etc. Defenders need to stop relying on checksum-based detections.
I’m releasing the following two proofs of concept that can help an attacker (red team, pentester, etc.) avoid those detections.
The first is a PowerShell script that will patch every file in a given folder:
https://gitlab.com/J35u5633k/filePatchers_public/blob/master/binaryFilePatcher.ps1
The second will patch a file hosted on a web server on demand and serve it up:
https://gitlab.com/J35u5633k/filePatchers_public/blob/master/patchAndServe.php
Enjoy!
If you are looking for a reliable and experienced offensive security service that provides Rock Solid Security, look no further than PEN Consultants for all your information and cybersecurity testing needs. Contact us: https://penconsultants.com/contact-us/