
NT-TNT/ufo


UFO

A syscall-proxy-style implant that gives the operator three operations:

  • Read memory
  • Write memory
  • Execute an API function and receive the returned data

This gives the operator full control over the execution flow without relying on dynamic loading of modules, which bypasses static analysis by AV/EDR.

COMPILE ME IN RELEASE MODE!

You should use the client with impacket-like arguments:

python3 main.py user:pass@host <additional arguments>

Use it at your own risk; I do not take responsibility for ANYTHING. This software is intended for good uses, human evolution and things like that. Also, this code is malware but can be used for multiple purposes, like on-cloud synchronization related things and so on. For example, games running on cloud servers, etc. Anyways, fuck you, we fucking love alien technology, bitch.

Avoiding static signatures

To avoid static signatures, refer to the polymorphic engine for shellcode written by gum3t. See his repo at https://github.com/gum3t/chameleon

About

Syscall proxy implant
