Ещё один лоадер, наполненный интересный функционаломhttps://github.com/Krypteria/AtlasLdr
* Retrieve of DLL and PE from a remote server
* Manual Mapping on a remote process
* Position independent code
* Use of indirect Syscalls
- ZwAllocateVirtualMemory
- ZwProtectVirtualMemory
- ZwQuerySystemInformation
- ZwFreeVirtualMemory
- ZwCreateThreadEx
* Single stub for all Syscalls
- Dynamic SSN retrieve
- Dynamic Syscall address resolution
* Atlas also uses
- LdrLoadDll
- NtWriteVirtualMemory
* Custom implementations of
- GetProcAddress
- GetModuleHandle
* API hashing
* Cleanup on error
* Variable EntryPoint
#redteam #maldev #git #loader
👍28🔥6🥰1😁1😢1