AceLdr – Cobalt Strike UDRL For Memory Scanner Evasion

Import a single CNA script before generating shellcode.

Marks the memory containing Cobalt Strike executable code as non-executable and encrypts it (FOLIAGE).

Certain WinAPI calls are executed with a spoofed return address (InternetConnectA, NtWaitForSingleObject, RtlAllocateHeap).

Delayed execution using WaitForSingleObjectEx.

This project would not have been possible without the following:

Other features and inspiration were taken from the following:


