Introduction

DripLoaderNG is based on the project "DripLoader", which was created by xuanxuan0. This variant has the evasion features such as .node sideloading and indirect syscalls.

This project was developed for my blog "DripLoader: A Case Study on Shellcode Execution & Evasion"

Capability

DripLoaderNG can only be used on Windows (10/11) hosts.

DripLoaderNG by default is currently configured for the Slack .node file "keymapping.node"

In development testing, HTTPS payloads were the most evasive.

Usage

Generate a .bin file with the desired shellcode.
Run the script lzms_compress.py. (Keep this file within the project folder, shellcode.h will generate)
- Usage: python3 lzms_compress.py path/to/.bin
Rename the original keymapping.node file to nativebindings.node.
Drop the payload compiled from this project in the same folder.
Run the application.

Guidance

Reference to configuring DripLoaderNG to other .node files

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
DripLoaderNG.sln		DripLoaderNG.sln
DripLoaderNG.vcxproj		DripLoaderNG.vcxproj
DripLoaderNG.vcxproj.filters		DripLoaderNG.vcxproj.filters
README.md		README.md
drip.cpp		drip.cpp
drip.h		drip.h
lzms_compress.py		lzms_compress.py
main.cpp		main.cpp
shellcode.h		shellcode.h
syscalls.asm		syscalls.asm
syscalls.h		syscalls.h
util.cpp		util.cpp
util.h		util.h

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Introduction

Capability

Usage

Guidance

References

About

Uh oh!

Releases

Packages

Languages

CoreyCBurton/DripLoaderNG

Folders and files

Latest commit

History

Repository files navigation

Introduction

Capability

Usage

Guidance

References

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages