LockdExeDemo
A demo of the relevant blog post: https://www.arashparsa.com/hook-heaps-and-live-free/
Install / Use
/learn @waldo-irc/LockdExeDemoREADME
LockdExeDemo
A demo of the relevant blog post: Hook Heaps and Live Free
DEMO
Explanation
There are 2 compile types.
The first is an EXE. The EXE requires some sort of shellcode (I used staged cobalt strike shellcode from the payload generator). You can validate this works by running your shellcode and using BeaconEye.
The second compile type is a DLL that you can inject into anything, will hook sleep, and same deal as the exe, any sleep over 1 will encrypt the heap on sleep. Cobalt Strike's EXE by default makes 2 threads for some reason that both need to function that interferes with this whereas injecting a Cobalt Strike thread into another process does not (as now it only needs 1 thread to operate again). To get this to work in a standalone generated CS exe that's already running may take a bit more work or a profile change.
Remember, this will work in processes like explorer.exe but it'll freeze the whole process as CS is sleeping and encrypting. Really this version is meant for standalone processes you control.
Related Skills
node-connect
354.0kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
112.2kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
354.0kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
354.0kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
