Articles, Shellter Pro Plus Updates

Introducing Shellter Pro Plus v6.0

Hi all,

This type of announcements are usually filled with excitement and joy.

However, this one unfortunately, will have to be a bit different than the previous ones.

A few days ago on the night of February 28th, a terrible train accident, that could have been avoided, took place in Greece, where multiple people and especially young university students were fatally injured.

There isn’t much any of us can say in moments like this to ease the pain of the affected families, and so we kept our silence in the honour of the people lost.

We are now getting closer to the release of our next major version update of the Shellter Pro Plus series software. We wish to dedicate the upcoming release in memory of those we lost that day.

Except from the numerous internal updates and additions against user mode code execution interception (hooks etc…) used by security software, we have added an extra feature for special occasions.

This new feature comes under the name of ‘Ambush’ and it basically behaves as its name suggests; more on this later.

In the recent years we have seen threat actors compromising software engineering companies and supply chains and infecting legitimate software before or after it gets legitimately signed and/or distributed.

Our ‘Ambush’ feature allows to simulate this special threat attack vector in the most advanced way possible. It works by performing automated deep infection of a legitimate binary in a way that automated static and/or dynamic analysis wouldn’t see the execution of any payloads taking place.

To be more specific, ‘Ambush’ will keep the injected payload(s) into a hibernation state until a specific benign .DLL module is loaded by the process when the victim uses some feature of the infected application, which in turn causes that module to be loaded. This feature will be of course only available to be used when ‘Stealth mode’ is enabled which maintains the original functionality of the infected application.

We will be releasing a demo video soon with more information about how to take advantage of this super cool feature in order to hide your payloads from automated and even a quick manual inspection, while simulating a special attack vector.

Thank you,
kyREcon