Day 53 of 365: Mastering Pentesting with LazyOwn RedTeam - Daily Command Series #LazyLoader Stealthy Reflective PE Loader for Windows
https://github.com/grisuno/LazyLoader/
🛠 LazyLoader BOF is a sophisticated, in-memory Windows PE (Portable Executable) loader that:
Downloads an AES-256 encrypted PE file and its decryption key from a remote HTTP server.
Decrypts the payload in memory using Windows CryptoAPI.
Reflectively maps and relocates the PE into the current process.
Repairs the Import Address Table (IAT) with optional API hooking to spoof command-line arguments and prevent process exit.
Executes the payload in a new thread.
Optionally unhooks ntdll.dll by restoring its .text section from a clean process (e.g., notepad.exe) to evade EDR/userland hooks.
Designed for stealth, LazyLoaderBOF leaves no trace on disk and hides its execution context from command-line inspection tools.
⚙️ Features
✅ Remote Payload Fetching
Uses WinHTTP to securely download encrypted PE and key files from a remote server.
✅ AES-256 Decryption
Leverages Windows CryptAcquireContext, CryptCreateHash, and CryptDecrypt for secure in-memory decryption.
✅ Reflective PE Loading
Parses PE headers and sections.
Allocates memory at preferred or relocated base.
Copies headers and sections.
Repairs IAT with dynamic GetProcAddress.
✅ Command-Line Masquerading
Spoofs:
GetCommandLineA/W
__p___argv
__p___wargv
__p___argc
__getmainargs
__wgetmainargs
Prevents detection via process argument inspection.
✅ Exit Function Hooking
Hooks exit, _exit, ExitProcess, etc., to redirect termination to ExitThread(0), keeping the host process alive.
✅ EDR Evasion via NTDLL Unhooking
Optionally spawns a suspended notepad.exe, reads clean ntdll.dll from its memory, and restores hooked .text sections in the current process.
✅ No Disk Artifacts
Everything runs in memory; no temporary files are written.
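As an added, defender-side example (not code from the LazyLoader project or this post): a heuristic over constructed Sysmon-style ProcessCreate/ProcessAccess events that flags the unhooking pattern above, where one process spawns notepad.exe and then reads its memory shortly afterwards. Field names mirror Sysmon Event IDs 1 and 10; the log lines, paths and PIDs are constructed.

```python
"""Heuristic for the 'sacrificial notepad.exe' unhooking pattern:
a process creates notepad.exe and then opens it with PROCESS_VM_READ
within a short window. Event fields follow Sysmon Event ID 1
(ProcessCreate) and Event ID 10 (ProcessAccess); all values are constructed."""
import json
from datetime import datetime

PROCESS_VM_READ = 0x0010   # access right required for ReadProcessMemory
WINDOW_SECONDS = 30        # spawn -> memory read must be close in time

# Constructed sample telemetry (JSON lines), not real logs.
SAMPLE_LOG = r"""
{"EventID": 1, "UtcTime": "2024-01-01 12:00:00.000", "ProcessId": 4242, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentProcessId": 3100, "ParentImage": "C:\\Users\\user\\AppData\\Local\\Temp\\update.exe"}
{"EventID": 10, "UtcTime": "2024-01-01 12:00:01.500", "SourceProcessId": 3100, "SourceImage": "C:\\Users\\user\\AppData\\Local\\Temp\\update.exe", "TargetProcessId": 4242, "TargetImage": "C:\\Windows\\System32\\notepad.exe", "GrantedAccess": "0x1410"}
{"EventID": 1, "UtcTime": "2024-01-01 12:05:00.000", "ProcessId": 5150, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentProcessId": 2000, "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 10, "UtcTime": "2024-01-01 12:05:00.200", "SourceProcessId": 9999, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetProcessId": 5150, "TargetImage": "C:\\Windows\\System32\\notepad.exe", "GrantedAccess": "0x1FFFFF"}
"""

def parse_events(text):
    """Parse JSON lines and attach a datetime for time-window checks."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")
        events.append(ev)
    return events

def detect_sacrificial_notepad(events):
    """Return (spawner_image, notepad_pid) for every notepad.exe whose own
    parent opened it with PROCESS_VM_READ within WINDOW_SECONDS of creation."""
    spawns = {}  # notepad pid -> (parent pid, parent image, spawn time)
    for ev in events:
        if ev["EventID"] == 1 and ev["Image"].lower().endswith("\\notepad.exe"):
            spawns[ev["ProcessId"]] = (ev["ParentProcessId"], ev["ParentImage"], ev["ts"])
    hits = []
    for ev in events:
        if ev["EventID"] != 10 or ev["TargetProcessId"] not in spawns:
            continue
        ppid, pimage, t0 = spawns[ev["TargetProcessId"]]
        granted = int(ev["GrantedAccess"], 16)
        same_actor = ev["SourceProcessId"] == ppid
        in_window = 0 <= (ev["ts"] - t0).total_seconds() <= WINDOW_SECONDS
        if same_actor and in_window and granted & PROCESS_VM_READ:
            hits.append((pimage, ev["TargetProcessId"]))
    return hits

if __name__ == "__main__":
    for image, pid in detect_sacrificial_notepad(parse_events(SAMPLE_LOG)):
        print(f"suspicious: {image} spawned and read notepad.exe (pid {pid})")
```

The explorer.exe-launched notepad.exe is not flagged even though csrss.exe opens it with full access, because the reader is not the spawner; tune the window and add an allow-list of known debuggers before using this in production.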
https://github.com/grisuno/LazyLoader
https://github.com/grisuno/LazyOwn
https://github.com/grisuno/CVE-2022-2...
Comment "yaml" to receive the file that enables this command before the release.
⭐⭐ Now with remote command execution and adversary emulation. ⭐⭐
LazyOwn RedTeam Framework is an advanced pentesting tool that combines a powerful CLI (cmd2) with a centralized C2 (Command & Control), all managed through a single JSON configuration file. It includes over 500 simplified commands to automate complex cybersecurity tasks, such as full Nmap scans, detailed report generation, integration with tools like Metasploit, Sliver, Empire, Caldera, and Atomic RedTeam, and automated exploitation based on detected vulnerabilities.
The framework features a malleable implant written in Go, AES encryption over SSL, covert communication, multi-platform persistence, adversary emulation, and advanced post-exploitation capabilities. Additionally, it includes an extensible plugin system (Lua), AI bots for log analysis, emulation of legitimate traffic, compatibility with MITRE ATT&CK, and standard report generation (PDF, HTML), along with multiple evasion and obfuscation techniques.
With features like proxychains, custom sniffers, keyloggers, rootkits, and the ability to create undetectable payloads, LazyOwn positions itself as an open-source alternative to commercial tools like Cobalt Strike and Brute Ratel. All of this is developed under the GPL license, with a growing community and educational resources available.
🔗 Links (Because Sharing Is Power)
🐙 GitHub: https://github.com/grisuno/CVE-2022-2...
🧠 LazyOwn Framework: https://github.com/grisuno/LazyOwn
🌐 Web: https://grisuno.github.io/LazyOwn/
🎥 Demo: • Day 51 of 365: Mastering Pentesting with L... (mentally insert epic kernel exploit footage)
💬 Discord: / discord
🧑💻 HTB: https://app.hackthebox.com/users/1998024
☕ Ko-fi: https://ko-fi.com/Y8Y2Z73AV (Buy me coffee. I’ll use it to fund more kernel exploits.)