I am continuing my previous post, which covered embedding the Cobalt Strike beacon with evasion tools to enable safe payload delivery.
Today, I am embedding the Cobalt Strike payload with the Shellter Project. Shellter is an AV/EDR evasion tool that implements certain techniques to bypass or reduce detection. Shellter is able to embed the Cobalt Strike raw payload into an existing application.
Generate the Cobalt Strike Raw Payload
First, we need to generate the Cobalt Strike raw payload. Please remember that Shellter only supports payloads up to 250 kilobytes, so we can only use a payload with a stager. The steps to generate the Cobalt Strike raw payload are as follows:
Select the listener that you want to use, and select Raw as the output.
Save your raw payload into a file.
The steps below embed the Cobalt Strike payload into an existing executable. I am going to show you the straightforward steps using Auto mode to embed the payload. Please remember that these steps will make your payload easier to detect; you can do some manual steps for better evasion.
Follow the steps below to embed the Cobalt Strike beacon into an executable. I am using the 32-bit putty.exe as the payload host.
Select A for Auto mode.
Select N for No.
Select Y for Stealth mode.
Select C for Custom payload, which will point to your Cobalt Strike raw payload.
Input the path to your Cobalt Strike payload, myPayload.bin.
Select N for No.
That is all.
When putty.exe is executed, it directly runs the embedded payload. We can see below that the beacon is successfully contacting the server.