👻 Ghost: Shellcode Loader
Ghost is a shellcode loader project designed to bypass multiple detection capabilities that are usually implemented by an EDR.
🚀 Features:
— Bypassing kernel callbacks with fiber threads
— Stack spoofing (Return Address Spoofing and Function Hooking)
— Hiding shellcode within large, randomized memory regions
— Disabling ETW
— Removing EDR function hooks with suspended processes
— Custom API hashing for resolving functions
🔗 Source:
https://github.com/cpu0x00/Ghost
#edr #shellcode #kernel #memory #evasion
