goFunctionStomping

FunctionStomping using golang

Description

This is a brand-new technique for shellcode injection to evade AVs and EDRs. It is inspired by Module Stomping and shares some similarities with it. As of this date (23-01-2022), hollows-hunter also does not detect it.

See details:

https://idov31.github.io/2022-01-28-function-stomping/

Usage

  1. Add the project directory to your project.
  2. Change the “winApi” package’s import method.

Acknowledgments

https://github.com/idov31/functionstomping
https://idov31.github.io/2022-01-28-function-stomping/
