EgeBalci / amber

Reflective PE packer.
MIT License

Additional feature #24

Open G0ne opened 1 year ago

G0ne commented 1 year ago

This tool is awesome. The only thing that is missing, in my opinion, is an optional feature to build a PE containing the generated .bin code, so:

1. Mode 1 (the current one): generate the .bin from an .exe, with all the evasion techniques used by the tool to evade security solutions.
2. Mode 2 (the one I suggest): generate the .bin from an .exe and build another .exe (that can also support console interaction, like mimikatz) containing the .bin code, which can run with all the evasion techniques used by the tool to evade security solutions.

EgeBalci commented 1 year ago

Earlier versions of Amber were able to generate PE files for executing the generated payload. That was removed intentionally. The main reason is that maintaining an open source and fully undetectable evasion project is simply impossible. Keeping the generated EXE file undetectable requires a lot of effort, and in the end it will eventually get detected because it is open source. This tool is already doing the heavy lifting for you by converting a PE file to an encoded shellcode. The rest should be up to the user.