This repo contains a couple of PIC loaders and a custom sleepmask COFF for use with Cobalt Strike. They are basic implementations into which custom evasion tradecraft must be woven using Crystal Palace.
- Download the Crystal Palace release distribution.
- Extract the tar archive and copy `crystalpalace.jar` to the same directory as `cobaltstrike.exe` (the client).
- Load `loaders.cna` to use the custom loaders (there are loaders for both Beacon and postex DLLs).
- Load `mask.cna` to use the custom sleepmask.
You can use just the loaders, just the sleepmask, or both together. Each is compatible with the 4.12 BUD structures, so in theory you can mix and match them with other custom loaders and sleepmasks (assuming those are also 4.12-compatible). This project is not backwards-compatible with Cobalt Strike versions before 4.12.