This project simulates a red team scenario in which a legitimate installer is modified to carry a stealth payload. The goal is to demonstrate payload delivery via social engineering without raising antivirus alarms.

- Wrapper creation using Nim to embed an RC4-encrypted Sliver implant
- Hosting a fake download site that distributes trojanized installers
- Executing Sliver payloads in memory without touching disk (AV evasion)
- Triggering shell access after the installation finishes

| Tool | Purpose |
|---|---|
| Nim | Builds the wrapper that carries the RC4-encrypted payload |
| Sliver | Payload generation |
| Python/HTML | Fake landing page and server |
| RC4 encryption | AV evasion |
| Social engineering | Pretext: software download |

Setup
- Base installer: VLC media player (can be any legitimate installer)
- Payload: reverse shell
- Encryption: RC4 to bypass AV
- Trigger: executed only after the installer finishes

Attack flow
- The user lands on a fake VLC download page
- They download a trusted-looking installer
- Inside the wrapper:
  - The RC4-encrypted shellcode is decrypted after the legitimate install finishes
  - A reverse shell is launched to the attacker's listener
- No UAC prompt or antivirus alert was triggered (in testing)

Demo
- A fake landing page hosts 'wrapper.exe'
- The user downloads it and launches the legitimate VLC installer
- When the installation finishes, a C2 reverse shell is obtained

Demo video: docs_video_exploit.webm
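The flow above works because the user trusts a download that did not come from the vendor. The defender-side check for that is to verify a downloaded installer against the vendor's published checksum list and its download host before running it. The script below is an added example and is not part of this lab; it assumes a SHA256SUMS-style list (`<hex>  <filename>` per line) and a placeholder vendor host (`downloads.vendor.example`), and the installer bytes and checksum list it uses are constructed for the demo.

```python
import hashlib
import hmac
import os
import tempfile
from urllib.parse import urlparse

# Constructed placeholder: the host the genuine vendor serves downloads from (assumption).
TRUSTED_DOWNLOAD_HOSTS = {"downloads.vendor.example"}


def parse_sha256sums(text: str) -> dict:
    """Parse a SHA256SUMS-style list ('<hex>  <filename>' per line) into {filename: hex}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue  # malformed line: ignore it rather than trust it
        digest, name = parts
        table[name.lstrip("*")] = digest.lower()  # '*' marks binary mode in sha256sum output
    return table


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so a large installer need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, source_url: str, sums_text: str) -> dict:
    """Verdict on a downloaded installer: ok only if host AND SHA-256 both check out."""
    host = (urlparse(source_url).hostname or "").lower()
    host_ok = host in TRUSTED_DOWNLOAD_HOSTS
    expected = parse_sha256sums(sums_text).get(os.path.basename(path))
    actual = sha256_file(path)
    hash_ok = expected is not None and hmac.compare_digest(expected, actual)
    reasons = []
    if not host_ok:
        reasons.append(f"download host {host!r} is not the vendor's")
    if expected is None:
        reasons.append("no published checksum for this filename")
    elif not hash_ok:
        reasons.append("SHA-256 mismatch: file differs from the vendor release")
    return {"ok": host_ok and hash_ok, "sha256": actual, "reasons": reasons}


def demo() -> tuple:
    """Constructed scenario: the genuine installer and a modified copy served from a look-alike site."""
    genuine = b"MZ\x90\x00" + b"genuine installer bytes " * 64
    trojanized = genuine + b"\x00extra bytes appended\x00"  # constructed stand-in, not a real payload
    sums_text = "# constructed SHA256SUMS\n" + f"{hashlib.sha256(genuine).hexdigest()}  vlc-installer.exe\n"
    with tempfile.TemporaryDirectory() as d:
        good_path = os.path.join(d, "vlc-installer.exe")
        bad_path = os.path.join(d, "bad", "vlc-installer.exe")
        os.makedirs(os.path.dirname(bad_path))
        with open(good_path, "wb") as f:
            f.write(genuine)
        with open(bad_path, "wb") as f:
            f.write(trojanized)
        good = verify_download(good_path, "https://downloads.vendor.example/vlc-installer.exe", sums_text)
        bad = verify_download(bad_path, "https://vlc-free-download.example/vlc-installer.exe", sums_text)
    return good, bad


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Both conditions are required on purpose: a matching hash from an unexpected host still means the checksum list itself should be fetched from the vendor, and a vendor host with a mismatching hash is exactly the trojanized-installer case. `hmac.compare_digest` is used so the comparison does not leak timing information about the expected digest.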

Persistence
- Registry run key
- Scheduled task
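Both persistence options leave telemetry that endpoint monitoring can catch: an autostart entry written under a `CurrentVersion\Run` key, or `schtasks.exe /create` launched by a process running from a user-writable directory. The detection below is an added example, not part of this lab; it assumes Sysmon-style events (ID 1 = process create, ID 13 = registry value set) represented as dicts, and the sample events, user name and file names are constructed for the demo.

```python
import re

# Sysmon event IDs used below: 1 = process create, 13 = registry value set.
PROCESS_CREATE, REGISTRY_VALUE_SET = 1, 13

# Autostart registry paths (HKCU or HKLM) that survive a reboot.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# Locations a standard user can write to. Legitimate installers normally register
# autostart entries from Program Files, not from Downloads, AppData or Temp.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\(Downloads|AppData|Desktop)\\|\\Temp\\", re.IGNORECASE
)

# Constructed sample telemetry (not from the page): a wrapper run from Downloads,
# the real installer it launches, two persistence actions, and one benign event.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\alice\Downloads\wrapper.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "wrapper.exe"},
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Local\Temp\vlc-setup.exe",
     "ParentImage": r"C:\Users\alice\Downloads\wrapper.exe", "CommandLine": "vlc-setup.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\wrapper.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Roaming\updater.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "ParentImage": r"C:\Users\alice\Downloads\wrapper.exe",
     "CommandLine": r"schtasks /create /tn Updater /sc onlogon /tr C:\Users\alice\AppData\Roaming\updater.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\VideoLAN\VLC\Settings", "Details": "1"},
]


def is_user_writable(path: str) -> bool:
    """True when the path sits in a directory a standard user can write to."""
    return bool(USER_WRITABLE_RE.search(path or ""))


def detect_persistence(events: list) -> list:
    """Return one finding per suspicious autostart action in the event stream."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == REGISTRY_VALUE_SET and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            target = ev.get("Details", "")
            # Either the writer or the registered binary living in user space is the tell.
            if is_user_writable(image) or is_user_writable(target):
                findings.append({"technique": "registry_run_key", "writer": image, "autostart": target})
        elif eid == PROCESS_CREATE and image.lower().endswith(r"\schtasks.exe"):
            cmd = ev.get("CommandLine", "").lower()
            # schtasks itself is legitimate; the parent that spawned it is what matters.
            if "/create" in cmd and is_user_writable(ev.get("ParentImage", "")):
                findings.append({"technique": "scheduled_task",
                                 "writer": ev["ParentImage"], "autostart": ev["CommandLine"]})
    return findings


if __name__ == "__main__":
    for finding in detect_persistence(SAMPLE_EVENTS):
        print(finding)
```

The benign VLC settings write is not flagged because it neither touches a Run key nor originates from a user-writable path; in a real deployment the user-writable pattern would be tuned to the environment's installer locations to keep the false-positive rate down.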

Note
This lab was created for educational and red teaming purposes only. All actions were performed in isolated lab environments under controlled conditions.