Home

Awesome

Dirty Vanity

A POC for the new injection technique, abusing windows fork API to evade EDRs.

Usage

DirtyVanity.exe [TARGET_PID_TO_REFLECT]

Runtime steps

Shellcode

The reflected shellcode works with ntdll API. It is generated from the included generation project shellcode_template, curtesy of https://github.com/rainerzufalldererste/windows_x64_shellcode_template

Shellcode customization

To customize the shellcode with ease: