Fiber-APC-NTCall-shellcodeloader is a Shellcode Loader using Fiber and APC NT Call mechanisms. Written primarily in C++, it is for developers and researchers needing advanced shellcode loading techniques.

Fadouse/Fiber-APC-NTCall-shellcodeloader

FiberAPCNTshellcodeloader

FiberAPCNTshellcodeloader is a C++ project demonstrating shellcode loading and execution via Asynchronous Procedure Call (APC) injection. This project showcases advanced techniques for memory allocation, shellcode decryption, and injection on Windows systems. It is intended solely for research, educational, and authorized security testing purposes.

Important Disclaimer
This project is provided strictly for educational and legitimate security testing. Any use of this software for illegal or malicious purposes is prohibited. The author disclaims any responsibility for misuse.


Project Features

  • Shellcode Loading
    Load encrypted shellcode (e.g., from a file) for later injection.

  • Memory Allocation
    Allocate memory regions using native Windows NT functions, avoiding conventional WinAPI patterns.

  • Shellcode Decryption
    Decrypt shellcode using an XOR-based method, enabling stealthy payload handling.

  • APC Injection
    Inject and execute shellcode through an APC mechanism to bypass certain security measures.


Prerequisites

  • Operating System: Windows
  • Build System: CMake 3.29 or higher
  • Compiler: Visual Studio or a compatible C++ compiler

How to Build

  1. Clone the Repository

    git clone https://github.com/yourusername/fiberAPCNTshellcodeloader.git
    cd fiberAPCNTshellcodeloader

  2. Create and Enter a Build Directory

    mkdir build
    cd build

  3. Generate Build Files with CMake

    cmake ..

  4. Build the Project

    cmake --build .

Usage

  1. Prepare Encrypted Shellcode
    Place your XOR-encrypted shellcode in a file named encrypted_shellcode.data.

  2. Run the Executable

    ./fiberAPCNTshellcodeloader

    The program will allocate memory, decrypt the shellcode, and inject it via APC.
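
A defender-side illustration of the sequence described above (allocate memory, decrypt, run via APC), added here and not part of the repository: it flags an APC whose routine address falls inside private, executable memory that has no image backing. The event schema, field names and sample events are constructed for this example and do not correspond to any real EDR format.

```python
from collections import defaultdict

EXEC = {"RX", "RWX"}  # protections that allow execution

# Constructed, normalized telemetry (hypothetical schema).
EVENTS = [
    # Process 4120: private RW allocation, flipped to RX, then an APC into it.
    {"pid": 4120, "type": "alloc", "base": 0x1F0000, "size": 0x1000,
     "protect": "RW", "backing": "private"},
    {"pid": 4120, "type": "protect", "base": 0x1F0000, "protect": "RX"},
    {"pid": 4120, "type": "apc_queue", "target_pid": 4120, "routine": 0x1F0000},
    # Process 988: APC routine lies in an image-backed module, not in its private region.
    {"pid": 988, "type": "alloc", "base": 0x2A0000, "size": 0x2000,
     "protect": "RW", "backing": "private"},
    {"pid": 988, "type": "apc_queue", "target_pid": 988, "routine": 0x7FFA12345678},
    # Process 5300: region was freed before the APC, so nothing is tracked any more.
    {"pid": 5300, "type": "alloc", "base": 0x3B0000, "size": 0x1000,
     "protect": "RWX", "backing": "private"},
    {"pid": 5300, "type": "free", "base": 0x3B0000},
    {"pid": 5300, "type": "apc_queue", "target_pid": 5300, "routine": 0x3B0010},
]

def find_unbacked_apc(events):
    """Return (pid, routine) pairs where an APC routine lies in private executable memory."""
    regions = defaultdict(dict)  # pid -> {base: [size, is_executable]}
    alerts = []
    for ev in events:
        pid = ev["pid"]
        if ev["type"] == "alloc" and ev["backing"] == "private":
            regions[pid][ev["base"]] = [ev["size"], ev["protect"] in EXEC]
        elif ev["type"] == "protect" and ev["base"] in regions[pid]:
            # Simplification: protection changes are matched on the allocation base only.
            regions[pid][ev["base"]][1] = ev["protect"] in EXEC
        elif ev["type"] == "free":
            regions[pid].pop(ev["base"], None)
        elif ev["type"] == "apc_queue":
            target = ev["target_pid"]
            for base, (size, executable) in regions[target].items():
                if executable and base <= ev["routine"] < base + size:
                    alerts.append((target, ev["routine"]))
    return alerts

if __name__ == "__main__":
    for pid, routine in find_unbacked_apc(EVENTS):
        print(f"pid {pid}: APC routine {routine:#x} in private executable memory")
```
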


Detection and Bypass

  • VirusTotal Detection
    A scan on VirusTotal shows 6 detections.

  • Security Bypass (CobaltStrike Beacon Payload)
    Demonstrates successful evasion against 360 Total Security and Huorong (火绒).


Notes

  • For Educational Purposes Only
    This software should be used exclusively in controlled test environments or with explicit authorization.

  • Legal Responsibility
    The user bears all responsibility for compliance with relevant laws and regulations. The author disclaims any liability arising from misuse.

  • Potential False Positives
    Some antivirus solutions may flag or quarantine the binary due to its low-level operations and injection techniques.


License

This project is distributed under the MIT License.


Contact

For any inquiries or discussions, please reach out to the author at [email protected].


Disclaimer: This project is intended for authorized testing and research. The author assumes no liability for misuse.
