We are excited to announce that we will be releasing the next major version update of our Shellter Pro Plus series very soon.
We worked hard on this one too in order to bring additional enhancements to the runtime evasion capabilities of the Pro Plus series software.
In particular, the code that gets bundled with your payloads of choice will not just unhook and fix artefacts in already loaded modules, introduced by other modules inserted by security software into the process; it will also dynamically monitor for modules being loaded and fix those artefacts in them as well.
This is a great addition to the runtime evasion capabilities. Advanced payloads usually require to load additional modules in order to complete several tasks. Since security software will commonly monitor these events through kernel-mode callbacks, it may optionally hook additional modules beyond the usual suspects such as kernel32 and ntdll.
Our latest additions will now monitor for newly loaded modules that are by default found under the ‘KnownDlls’ directory and will make sure these will also be checked for hooks and other artefacts.