Open-source GhostStrike Tool for Ethical Hacking and Red Team Operations

GhostStrike is an open-source, advanced cybersecurity tool designed for ethical hacking and Red Team operations. Its creator, Stiven Mayorga, aimed to replicate a common attack technique called process hollowing to demonstrate how implants can be obfuscated to evade detection.

Key features of GhostStrike include:

* Dynamic API resolution using a custom hash-based method
* Base64 encoding and decoding to hide shellcode in memory
* Cryptographic key generation for secure encryption and decryption
* XOR encryption and decryption to protect shellcode during injection
* Control flow flattening to obfuscate execution paths
* Process hollowing to inject encrypted shellcode into legitimate Windows processes

The tool’s developer states that GhostStrike enables the injection of malicious Sliver code into various Windows processes, including explorer.exe, without requiring administrative privileges. The tool is available for free on GitHub, and its developer plans to demonstrate other command and control frameworks in the future.

Source: https://www.helpnetsecurity.com/2024/10/17/ghoststrike-open-source-tool-ethical-hacking/