first of all, you have a nice and interesting project here. I have tested it with different calc.exe shellcodes, and the calculator always popped up. My testing also included using the original donut shellcode generator, and I noticed that there are some EDRs that detect donut-generated shellcodes with a YARA rule or something. My guess as to why the shellcode generated by InflativeLoading is not detected is that donut is a lot more widely known. So maybe you can add some sort of polymorphism like https://github.com/cryptolok/MorphAES or Shikata ga nai encoding.
Hi Bekyir, InflativeLoading has some built-in obfuscation. But, of course, the detection is a matter of sooner or later. Thanks for sharing the project, I will take a look at it.