Jormungandr
Inline-Execute-PE
Jormungandr | Inline-Execute-PE | |
---|---|---|
5 | 2 | |
212 | 574 | |
- | - | |
4.5 | 0.7 | |
8 months ago | about 1 year ago | |
C++ | C | |
GNU General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Jormungandr
Inline-Execute-PE
-
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
What is the reasoning for making another COFF loader if we can load PEs in memory now with public examples such as https://github.com/Octoberfest7/Inline-Execute-PE? The whole COFF loading thing served a purpose while people were unaware of how to load a PE in memory, but now I don’t see the point or logic for continuing to use jt
- Inline-Execute-PE: Execute unmanaged Windows executables in CobaltStrike Beacons
What are some alternatives?
Black-Angel-Rootkit - Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
Nidhogg - Nidhogg is an all-in-one simple to use rootkit.
Sandman - Sandman is a NTP based backdoor for red team engagements in hardened networks.
Venom - Venom is a library that meant to perform evasive communication using stolen browser socket
Machinegun - Machinegun is an advanced version of Metasploit's railgun, capable of reliably running arbitrary Windows API functions on a remote computer and getting the results to the attacker's machine.
Cronos - PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
Amsi-Killer - Lifetime AMSI bypass