Skip to content

HackLike-co/Cloak

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

87 Commits
.github/ISSUE_TEMPLATE
.github/ISSUE_TEMPLATE
 
 
.vscode
.vscode
 
 
api
api
 
 
bins
bins
 
 
cloak
cloak
 
 
images
images
 
 
static
static
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Cloak

Generate Secure, Polymorphic, Evasive Payloads

Quick Start

The easiest way to run Cloak is with Docker. If you wish to install it locally, check the wiki for installation instructions

git clone https://github.com/HackLike-co/Cloak.git
cd Cloak
sudo docker build . --tag cloak
sudo docker run --publish 8080:8080 cloak

You can then navigate to http://127.0.0.1:8080/cloak to start generating payloads!

Features

  • Convienent Web UI
  • View Generated Payloads
  • Simple to use REST API (Documentation Coming Soon...)

Input Formats

  • Shellcode
  • PE
  • DLL

Output Formats

  • EXE
  • DLL

Execution Options

  • Fibers
  • CreateThreadPoolWait
  • Injection
    • Local Thread
    • Remote Thread*
    • Local Thread Hijack (CreateThread)
    • Local Thread Hijack (EnumThread)
    • Remote Thread Hijack*
    • APC
    • EarlyBird APC*
    • EarlyCascade

Evasion

  • Direct Syscalls*
  • Indirect Syscalls*
  • Callstack Spoofing
  • Chunking
  • Payload Encryption/Encoding
    • AES
    • RC4
    • Base64
    • Base32
  • AMSI Patching* (HWBP)
  • ETW Patching* (HWBP)
  • DLL Unhooking*
  • IAT Camouflage*
  • API Hashing (Compile Time)
  • String Hashing*
  • Anti-Debug*
    • Debugger Detection (Kinda)
    • Self-Delete
  • Anti-VM
    • VM Detection
      • TPM Check
      • CPU Count
      • RAM
      • Resolution
    • Execution Delay
      • API Hammering
      • WaitForSingleObject
  • File Bloating*
  • Entropy Reduction*
  • Custom Binary Metadata
  • Custom Binary Icon
  • Modify Creation Date/Time

Guardrails

  • Hostname
  • Domain Joined*
  • Domain Name*
  • Subnet*

*v1.0 Goals

Community

Discord

Known Issues

  • SetThreadpoolWait doesn't play nicely for API Hashing, need to figure out why
  • Checking the amount of memory acts funky in if statement

References

This project was inspired by the amazing EvadeX from PhantomSec and OST from Outflank. If you and your team has the funds, I highly recommend them.

If you want to learn more, I recommend ired.team, Maldev Academy, or White Knight Labs

Liability

This is an open source project, maintained by HackLike.co and is meant to be used only on authorized systems for security and/or research purposes. The authors, contributors, and HackLike.co LLC assume no liability or responsibility for any misuse of this tool. Users are responsible for ensuring compliance with all local, state, federal, and international laws and regulations.

By using this tool, you, the user, are agreeing to the following:

  1. This tool will only be used for legal testing and/or research purposes
  2. You, the user, have proper authorization to use the tool for testing and/or research
  3. You, the user, will not use this tool for unauthorized access and/or exploitation
  4. You, the user, assume all responsibility and liability for any misuse of this tool

About

Generate Secure, Polymorphic, Evasive Payloads

Topics

polymorphic red-team edr-evasion maldev hacklike

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

23 stars

Watchers

0 watching

Forks

3 forks
Report repository

Releases

13 tags

Packages

No packages published

Languages