Binary File Patching Scripts
I am releasing code that helps attackers patch their binaries on the fly to evade checksum-based detections.
As I mentioned in a previous article, https://penconsultants.com/home/traditional-iocs-suck/, checksum-based detections are close to worthless. But they are still used by AV vendors, intel feeds, proxy- and endpoint-based detections, etc. Defenders need to stop relying on checksum-based detections.
I’m releasing the following two proofs of concept, which can help an attacker (red team, pentester, etc.) avoid those detections.
The first is a PowerShell script that patches every file in a given folder:
The second patches a file hosted on a web server on demand and serves it up: