Shellter Pro Plus Updates

Shellter Pro Plus v9.0
Date: 17d/04m/2024

[+] Memory Scan Evasion
All functions that are required for the lifetime of the running process will now be encoded/decoded on-the-fly as needed. In addition, a lot of important data structure members such as, but not limited to, function pointers will always be encoded. These will be fetched and decoded on-the-fly as well, while the original copies will always remain encoded. Finally, all dynamically-built strings will be cleared off the current thread’s stack memory after usage.

[+] Total Recall
This feature was implemented in order to further eradicate in-memory traces of our code under certain circumstances. There may be scenarios where none of the payloads will execute for various reasons, such as VM/DBG detection on process start and/or failure to fetch remote AES keys for payload decryption. When this is the case, this feature will kick in and remove all of our executable code from memory, while also cleaning up memory areas that may store additional data.

[+] Updated the output of “DLL Load Monitor” to mark displayed modules as ‘User’/‘System’. Any logged module that is originally loaded from a directory under “C:\Windows*” will be marked as a ‘System’ module.

[+] Fixed a logic bug where some runtime evasion features remained disabled in ‘Auto’ mode. This did not affect CLI/GUI operation modes.

[+] Added some dynamic debugger detection checks that now also apply for the entire lifetime of the process. This allows detection of a debugger that has been attached after process initialisation.

[+] Set the maximum limit of additional data to be added for the ‘Binary Size Increase’ feature to 500MB. This enables users to do extensive testing against security software scan rules that depend on the binary size.

[+] DTCK encoding feature has been deprecated and it will be removed in a future software release.

[+] Fixed a logic bug where ‘DTCK’ encoding and ‘EFD’ files could have been enabled together even though they are not compatible with each other.

[+] Various minor fixes and optimisations.

Shellter Pro Plus v8.6
Date: 20d/12m/2023

[+] Fixed a compatibility issue with Wine.
Please note that it is not recommended to operate Shellter inside Wine and other Windows environment emulators. Compatibility with Wine is mainly offered as a way to operate our software when a Windows host/VM is not immediately available.

[+] Various minor fixes and optimisations.

Shellter Pro Plus v8.5
Date: 30d/11m/2023

[+] Enhanced Application DLL Backdooring II.

[+] Targeted Runtime Evasion.

[+] License Expiration Check Updates.

[+] Various minor fixes and optimisations.

Note: Please refer to the Shellter_Pro_Plus_Exclusive_Features.pdf for more information about these updates.

Shellter Pro Plus v8.4
Date: 14d/11m/2023

[+] Enhanced Windows Built-In Modules Compatibility.
The imports table parser was updated to recognise the imports mechanism used by built-in Windows executables and DLLs. Please refer to the “Shellter_Pro_Plus_Exclusive_Features.pdf” for more information about this update.

[+] Updated imports table parser to do a more thorough scan of the imports table of the target PE binary.

[+] Various minor fixes and optimisations.

Shellter Pro Plus v8.3
Date: 06d/11m/2023

[+] Enhanced Application DLL Backdooring.
Introduces monitoring for DLL loading and exports calling events. It provides the necessary information to the user for a much more efficient backdooring of an application through a proprietary and/or system DLL. Arguments added: –monitorDllLoading/–MDLL. Please refer to the “Shellter_Pro_Plus_Exclusive_Features.pdf” for more information about this update.

[+] Several compatibility updates for DLLs that may be loaded by a process that has one or more of CFG features enabled.

[+] Various minor fixes and optimisations.

Shellter Pro Plus v8.2
Date: 11d/10m/2023

[+] Added extra validation for the chosen DLL that will be used for the Ambush feature. The additional check will also verify that the specified DLL is not included in the list of modules that are statically linked to the target PE file. For more information, please refer to the “Shellter_Pro_Plus_Exclusive_Features.pdf” and to the dedicated demo video that is listed on our website.

[+] Added the ability to optionally enable/disable some runtime evasion features. These were previously always enabled when they were supported by the target PE file. Please refer to the “Shellter_Pro_Plus_Exclusive_Features.pdf” for more information about this update.

[+] Added new command line arguments: --evadeETW, --evadeAMSI, --redirectNativeImports. These allow the corresponding runtime evasion features to be optionally enabled. In Auto mode these are always enabled by default.

[+] Added the ability to conceal some internal functionality.
If a Debugger/VM is detected, some runtime evasion features will not have any effect even if they are enabled by the user. Please refer to the “Shellter_Pro_Plus_Exclusive_Features.pdf” for more information about this update.

[+] Fixed a potential race condition bug in unhooking functionality.

[+] Fixed a bug that triggers when choosing to modify PE section permissions instead of using an IAT handler. In that case the infected binary would crash. Using this method is not recommended anyway, but the issue has been fixed.

[+] Fixed a bug that could cause infected 32-bit binaries to crash when they load DLLs (i.e. comctl32.dll) that may be found under both WinSxS and system32/syswow64 directories.

[+] Fixed a bug in the feature that generates the appropriate MSF launching script when one of the listed payload stagers is used.
Please note, these payloads should mainly be used only for demo purposes.

[+] Various minor fixes and optimisations.

Shellter Pro Plus v8.1
Date: 11d/07m/2023

[+] Fixed a logic bug that caused one of our runtime evasion techniques to become technically disabled. This issue affects versions 7.0 and 8.0.

Shellter Pro Plus v8.0
Date: 28d/06m/2023

[+] Multiple updates towards runtime evasion.
Suspicious access permissions are now removed from all proprietary memory allocations.

[+] Fixed compatibility issues with third-party payloads generated by popular C2 frameworks. In particular, some CB payloads may have freed memory that they did not own exclusively, causing the process to crash. Payloads are now moved to their own private allocations in order to avoid similar issues in the future.

[+] Fixed an issue with ‘Wine mode’ where console font adjustment by Shellter would fail due to incompatibility issues. The user had to start our software via ‘wineconsole’ because using ‘wine’ would not work due to the font adjustment issues. Both options are now working fine again.

[+] Various minor fixes and optimisations.

Shellter Pro Plus v7.0
Date: 27d/04m/2023

[+] Multiple updates towards runtime evasion.

[+] Dynamic inspection of newly loaded modules.
Advanced payloads may load additional modules in order to complete certain tasks. Newly loaded modules will now be checked against hooks, and tampered exports table data.

[+] Various minor fixes and optimisations.

Shellter Pro Plus v6.0
Date: 17d/03m/2023

[+] Multiple updates towards runtime evasion.
These apply against various techniques used by security software to intercept system function calls; especially those exported by kernel32, kernelbase, and ntdll DLLs.

[+] Ambush payload execution.
This is a special feature that allows the injected payload(s) to be set into hibernation until a specific benign DLL module is loaded by the process. Please see the documentation for more details.

[+] Anti-DLL Load Monitoring.
This feature removes user-mode registered callbacks that may be set by modules injected by security software inside the process in order to monitor for new DLL loading events.

[+] Fixed a bug in the function that fetches the AES keys for payload decryption through a URL.

[+] Fixed a bug in the function that checks the latest version available on our website. If you have version 5.0, then it will display that your version is up to date.

[+] Various minor fixes and optimisations.

Shellter Pro Plus v5.0
Date: 01d/02m/2023

[+] First official release of Shellter Pro Plus series.
