# WinBoost

Executes Mimikatz using several techniques.

This PoC illustrates the following techniques for successfully executing Mimikatz via process injection:

1) Mimikatz is embedded as a C# class: it is converted to shellcode, which is then encoded in a 3-digit format.
2) Each syscall is obfuscated.
3) C# `Console.WriteLine` calls are used to masquerade the program's intention.

BEFORE COMPILING, IF YOU CHANGE THE SOURCE CODE, REMEMBER TO UPDATE `int idx = 0x4aa73;` — `idx` is the index at which Mimikatz begins.

Compile as a .dll using https://github.com/mobdk/compilecs

Compile as an .exe by renaming `DllMain` to `Main` and running: `csc.exe /platform:x64 /target:exe /unsafe winboost.cs`

Works on Windows 10 64-bit build 20H2.

## Execution

Start a new cmd like this:

`cmd version`

From another prompt, run `rundll32 winboost.dll,DllMain`

`ZwGetNextProcess` is used to find the cmd.exe process started with the argument `version`; once the right PID is found, `ZwGetNextThread` is used.