Shellter Pro Plus v8.5
Date: 30d/11m/2023
[+] Enhanced Application DLL Backdooring II.
[+] Targeted Runtime Evasion.
[+] License Expiration Check Updates.
[+] Various minor fixes and optimisations.
Note: Please refer to the Shellter_Pro_Plus_Exclusive_Features.pdf for more information about these updates.
Shellter Pro Plus v8.4
Date: 14d/11m/2023
[+] Enhanced Windows Built-In Modules Compatibility.
The imports table parser was updated to recognise the imports mechanism used by built-in Windows executables and DLLs. Please refer to the “Shellter_Pro_Plus_Exclusive_Features.pdf” for more information about this update.
[+] Updated imports table parser to do a more thorough scan of the imports table of the target PE binary.
[+] Various minor fixes and optimisations.
Shellter Pro Plus v8.3
Date: 06d/11m/2023
[+] Enhanced Application DLL Backdooring.
Introduces monitoring for DLL loading and exports calling events. It provides the necessary information to the user for a much more efficient backdooring of an application through a proprietary and/or system DLL. Arguments added: –monitorDllLoading/–MDLL. Please refer to the “Shellter_Pro_Plus_Exclusive_Features.pdf” for more information about this update.
[+] Several compatibility updates for DLLs that may be loaded by a process that has one or more of CFG features enabled.
[+] Various minor fixes and optimisations.
Shellter Pro Plus v8.2
Date: 11d/10m/2023
[+] Added extra validation for the chosen DLL that will be used for the Ambush feature. The additional check will also verify that the specified DLL is not included in the list of modules that are statically linked to the target PE file. For more information, please refer to the “Shellter_Pro_Plus_Exclusive_Features.pdf” and to the dedicated demo video that is listed on our website.
[+] Added the ability to optionally enable/disable some runtime evasion features. These were previously always enabled when they were supported by the target PE file. Please refer to the “Shellter_Pro_Plus_Exclusive_ Features.pdf” for more information about this update.
[+] Added new command line arguments: --evadeETW, --evadeAMSI, --redirectNativeImports. These allow to optionally enable the corresponding runtime evasion features. In Auto mode these are always enabled by default.
[+] Added the ability to conceal some internal functionality.
If a Debugger/VM detected some runtime evasion features will not have any effect even if they are enabled by the user. Please refer to the “Shellter_Pro_Plus_Exclusive_Features.pdf” for more information about this update.
[+] Fixed a potential race condition bug in unhooking functionality.
[+] Fixed a bug that triggers when choosing to modify PE section permissions instead of using an IAT handler. In that case the infected binary would crash. Using this method, is not recommended anyway, but the issue has been fixed.
[+] Fixed a bug that could cause infected 32-bit binaries to crash when they load DLLs (i.e comctl32.dll) that may be found under both WinSxS and system32/syswow64 directories.
[+] Fixed a bug in the feature that generates the appropriate MSF launching script when one of the listed payload stagers are used.
Please note, these payloads should mainly be used only for demo purposes.
[+] Various minor fixes and optimisations.
Shellter Pro Plus v8.1
Date: 11d/07m/2023
[+] Fixed a logic bug that caused one of our runtime evasion techniques to become technically disabled. This issue affects versions 7.0 and 8.0.
Shellter Pro Plus v8.0
Date: 28d/06m/2023
[+] Multiple updates towards runtime evasion.
Suspicious access permissions are now removed from all proprietary memory allocations.
[+] Fixed compatibility issues with third-party payloads generated by popular C2 frameworks. In particular, some CB payloads may have freed memory that did not own exclusively, causing the process to crash. Payloads are now moved to their own private allocations in order to avoid similar issues in the future.
[+] Fixed an issue with ‘Wine mode’ where console font adjustment by Shellter would fail due to incompatibility issues. The user had to start our software via ‘wineconsole’ because using ‘wine’ would not work due to the font adjustment issues. Both options are now working fine again.
[+] Various minor fixes and optimisations.
Shellter Pro Plus v7.0
Date: 27d/04m/2023
[+] Multiple updates towards runtime evasion.
[+] Dynamic inspection of newly loaded modules.
Advanced payloads may load additional modules in order to complete certain tasks. Newly loaded modules will now be checked against hooks, and tampered exports table data.
[+] Various minor fixes and optimisations.
Shellter Pro Plus v6.0
Date: 17d/03m/2023
[+] Multiple updates towards runtime evasion.
These apply against various techniques used by security software to intercept system function calls; especially those exported by kernel32, kernelbase, and ntdll DLLs.
[+] Ambush payload execution.
This is a special feature that allows to set the injected payload(s) into hibernation until a specific benign DLL module is loaded by the process. Please see the documentation for more details.
[+] Anti-DLL Load Monitoring.
This feature removes user-mode registered callbacks that may be set by modules injected by security software inside the process in order to monitor for new DLL loading events.
[+] Fixed a bug in the function that fetches the AES keys for payload decryption through a URL.
[+] Fixed a bug in the function that checks latest version available on our website. If you have version 5.0, then it will display that your version is up to date.
[+] Various minor fixes and optimisations.
Shellter Pro Plus v5.0
Date: 01d/02m/2023
[+] First official release of Shellter Pro Plus series.