Ethical Hacking Tutorials

Ethical Hacking Tutorials, Tips and Tricks

CoffeeShot: Avoid Detection with Memory Injection


CoffeeShot is an evasion framework that injects payload from Java-based programs into designated processes on Microsoft Windows.

It assists blue team members in assessing the effectiveness of their anti-malware measures against malicious software written in Java. Red team members and pen testers can also use CoffeeShot to bypass the target’s security controls.

It utilizes JNA (Java Native Access) to inject payload from Java-based programs into designated processes on Microsoft Windows.

The memory injection methods that CoffeeShot employs are straightforward and are well-known in the context of traditional, compiled executables. The effectiveness of these techniques at evading AV when they’re implemented in Java highlights the brittle nature even by modern antivirus tools.

Prerequisites:

  • Eclipse (or any other IDE that supports Java)
  • Java Native Access
  • Kali Linux with Metasploit

Build CoffeeShot with your shellCode

Copy our generated shellCode from Metasploit.
PasteInsert the shellCode inside the CoffeeShot project, e.g.: "byte[] shellcode = {(byte) 0xfc, (byte) 0xe8...};"
Build the project
Export to runnable JAR
Execute CoffeeShot by:
> Java -jar CoffeeShot.jar [processName]
> processName example: notepad++.exe

 

Demo

Author: @3pun0x

Copyright © 2018 Minerva Labs CoffeeShot. All rights reserved.

Source: https://github.com/MinervaLabsResearch/



Updated: October 2, 2018 — 4:20 am

Leave a Reply

Your email address will not be published. Required fields are marked *

Ethical Hacking Tutorials © 2018
Skip to toolbar