Binary File Patching Scripts


I am releasing code that lets attackers patch their binaries on the fly so they no longer match checksum-based (file hash) detections.

As I argued in a previous article (https://penconsultants.com/home/traditional-iocs-suck/), checksum-based detections are close to worthless: changing a single byte of a file changes its hash, and the file still runs. They are nevertheless still used by AV vendors, threat intel feeds, proxies, endpoint products, etc. Defenders need to stop relying on checksum-based detections.

I'm releasing the following two proof-of-concepts that can help an attacker (red team, pentester, etc.) avoid those detections.

The first is a PowerShell script that patches every file in a given folder:
https://gitlab.com/J35u5633k/filePatchers_public/blob/master/binaryFilePatcher.ps1

The second is a PHP script that patches a file hosted on a web server on demand and serves the patched copy:
https://gitlab.com/J35u5633k/filePatchers_public/blob/master/patchAndServe.php
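To show what both scripts are doing, and why a whole-file hash is the wrong thing to detect on, here is an added example in Python. It is not the PowerShell or PHP code linked above, only a stand-in that does the same job: it appends a few random bytes after the last section of a PE file (the overlay, which the Windows loader does not map), so the executable still runs but its MD5/SHA-1/SHA-256 changes on every patch. The folder patcher and the per-request `serve_patched()` mirror the two linked scripts; `image_hash()` and `overlay_size()` show the defender side. The PE sample is constructed inline and is not a real executable; the overlay length is an assumed value.

```python
"""Overlay-based hash busting: added example (Python), not the PowerShell/PHP scripts
linked above. Bytes appended after the last section of a PE file (the "overlay") are
not mapped by the loader, so the program still runs, but every whole-file checksum
(MD5/SHA-1/SHA-256) changes. A detection keyed on the mapped image survives."""
import hashlib
import secrets
import struct
import tempfile
from pathlib import Path

PATCH_LEN = 16  # random overlay bytes appended per patch (assumed value, not from the post)


def build_sample_pe() -> bytes:
    """Constructed stand-in for a PE file with one section. It is NOT runnable; it only
    has the headers the parser below needs and hashes like a real file would."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    # COFF header: Machine=x64, 1 section, no optional header (kept minimal on purpose)
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0x22)
    # One section header: .text, raw data at file offset 0x200, size 0x200
    sect = b".text\x00\x00\x00" + struct.pack("<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x200,
                                                0, 0, 0, 0, 0x60000020)
    header = dos + coff + sect
    header += b"\x00" * (0x200 - len(header))                        # pad to first section
    return header + b"\xCC" * 0x200                                  # fake code bytes


def is_pe(data: bytes) -> bool:
    """MZ magic plus a PE signature at e_lfanew; refuse to patch anything else."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def mapped_size(data: bytes) -> int:
    """File offset just past the last section's raw data, parsed from the section
    table. Everything after it is overlay: on disk, but never mapped by the loader."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    n_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    end = table + 40 * n_sections                                    # at least the headers
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def patch_bytes(data: bytes, patch_len: int = PATCH_LEN) -> bytes:
    """One new variant: original + random overlay. Each call yields a different file
    hash while the mapped image (headers + sections) stays byte-identical."""
    if not is_pe(data):
        raise ValueError("refusing to patch: not a PE image")
    return data + secrets.token_bytes(patch_len)


def patch_folder(folder: Path, patch_len: int = PATCH_LEN) -> dict:
    """Folder patcher in the spirit of the post's PowerShell script: rewrite every PE
    in place. Returns {name: (old_sha256, new_sha256)}; non-PE files are left alone."""
    report = {}
    for path in sorted(folder.iterdir()):
        if not path.is_file():
            continue
        original = path.read_bytes()
        if not is_pe(original):
            continue
        patched = patch_bytes(original, patch_len)
        path.write_bytes(patched)
        report[path.name] = (sha256(original), sha256(patched))
    return report


def serve_patched(original: bytes, patch_len: int = PATCH_LEN) -> bytes:
    """Patch-and-serve in the spirit of the post's PHP script, reduced to the part that
    matters: each request gets a freshly patched copy, so no two downloads share a
    hash. Return these bytes from whatever HTTP handler you use."""
    return patch_bytes(original, patch_len)


def image_hash(data: bytes) -> str:
    """Defender side: hash only the bytes the loader maps. Overlay patching cannot
    change this value, so a detection keyed on it survives the trick above."""
    return sha256(data[:mapped_size(data)])


def overlay_size(data: bytes) -> int:
    """Bytes trailing the mapped image. Signed binaries legitimately carry their
    Authenticode certificate table past the last section, so treat a non-zero
    value as a lead to inspect, not a verdict."""
    return len(data) - mapped_size(data)


def demo_patch_folder() -> dict:
    """Drop two copies of the constructed sample plus a text file into a temp folder,
    patch it, and return the report."""
    sample = build_sample_pe()
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "a.exe").write_bytes(sample)
        (folder / "b.exe").write_bytes(sample)
        (folder / "readme.txt").write_bytes(b"not a PE")
        return patch_folder(folder)


if __name__ == "__main__":
    pe = build_sample_pe()
    variant = serve_patched(pe)
    print("file sha256 before :", sha256(pe))
    print("file sha256 after  :", sha256(variant))
    print("image hash unchanged:", image_hash(pe) == image_hash(variant))
    print("overlay bytes       :", overlay_size(variant))
    for name, (old, new) in demo_patch_folder().items():
        print(f"{name}: {old[:12]}... -> {new[:12]}...")
```

The `__main__` block prints a different file hash on every run while `image_hash()` stays constant; that gap is the whole argument of this post. On a real binary the same approach keeps section hashes, imphash and any YARA rule on code bytes intact, which is where detection engineering effort belongs.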

Enjoy!





© PEN Consultants, LLC 2013 -