boku7 / BokuLoader

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
MIT License
1.26k stars 244 forks

UseRWX & Default Sleepmask (no kit) Support Added #20

Closed boku7 closed 1 year ago

boku7 commented 1 year ago

Added support for the malleable PE "set userwx" option. When using the default "sleepmask true" (without the sleepmask kit), you will need to set "userwx" to "true" to avoid writing to non-writable beacon.text memory. When using a sleepmask kit which supports RX beacon.text memory, set "sleepmask true" && "userwx false".