geobour98/veracrypt-stealer

VeraCrypt Stealer

This is the assignment for the course Malware Development Intermediate, by sektor7. The course can be found here: MalDev Intermediate. The purpose of the assignment is to steal the password (without using a keylogger) that a user types to mount an encrypted disk (volume) created with VeraCrypt. To achieve this, the assignment consists of 3 parts:

  1. VCsniff: Use IAT hooking to capture the password from the WideCharToMultiByte API call
  2. VCmigrate: Migrate from a 32-bit process to a 64-bit process using Heaven's Gate
  3. VCload: Inject into the 32-bit process and perform Shellcode Reflective DLL Injection (sRDI) to do the migration and the password stealing

A detailed blog post can be found here: geobour98 Blog

Disclaimer

This PoC was developed for educational purposes only!
