UrbanBishopLocal

Description

A port of FuzzySecurity's UrbanBishop project for inline shellcode execution. This port's execution vector is a delegate, whereas UrbanBishop uses an APC on a suspended thread at ntdll!RtlExitUserThread.

Usage

  1. Base64-encode the XOR-encrypted 64-bit shellcode with PowerShell:
    • [Convert]::ToBase64String([System.IO.File]::ReadAllBytes("$PSScriptRoot\encrypted_shellcode.bin")) | clip
  2. Copy the Base64 string into Program.cs
  3. Replace the XOR key in Program.cs with your own
  4. Build the project for x64