EchoStrike: Generate undetectable reverse shells, perform process injection


EchoStrike is an open-source tool designed to generate undetectable reverse shells and execute process injection on Windows systems.

“EchoStrike allows you to generate binaries that, when executed, create an undetectable RevShell, which can be the first entry point into a company. On the other hand, it features a Python wizard that makes it very easy to use compared to other industry tools, allowing almost anyone to use it,” Stiven Mayorga, the creator of EchoStrike, told Help Net Security.

Key features

  • Interactive wizard: Customizes payloads using a Python-based wizard. No manual configuration is needed.
  • Custom persistence techniques: Choose from multiple persistence methods, including Registry and Task Scheduler.
  • Binary padding for evasion: Adjusts binary size to evade file size-based detections.
  • AES payload encryption: Protects sh3llc0de with 128-bit AES encryption.
  • Process injection: Inject binaries into suspended processes like explorer.exe or cmd.exe for stealthy execution.
  • Dynamic binary download: Download and execute payloads from any URL for maximum flexibility.
  • Error logging and process management: Handles background processes and ensures stealthy execution in AppData or other safe locations.
  • Effectiveness: Tested with custom payloads and low detection rates. Perfect for red team operations and stealthy attacks.

Requirements

  • Go compiler: Install Go to compile the tool and generate custom payloads.
  • Python 3: Required for running the interactive wizard.
  • Dependencies: Install the required Python libraries.

Future plans and download

“I’ll be working on future improvements, optimizing the code, and adding new functionalities, focusing strongly on MITRE ATT&CK techniques and sub-techniques,” said Mayorga.

EchoStrike is available for free on GitHub.

EchoStrike: Generate undetectable reverse shells, perform process injection

Must read:




Source link