Closed (duzvik closed 1 year ago)
Thank you for reporting, I will check it!
What was the shellcode injected? PE-sieve detects the payload, not the method of injection (it does a passive scan and no API hooking). If the shellcode was small and obfuscated, it would possibly not detect it.
The shellcode was a simple meterpreter reverse_tcp shell.
> PE-sieve detects the payload, not the method of injection (it does a passive scan and no API hooking). If the shellcode was small and obfuscated, it would possibly not detect it.
Thanks, it makes sense.
I think it should work fine in the latest release, but please check and let me know: https://github.com/hasherezade/pe-sieve/releases
Hello, maybe I'm doing something wrong, but I'm sure pe-sieve can detect that standard injection by this tool - https://github.com/rvrsh3ll/MSBuildAPICaller
Here's a screenshot: