TECHNICAL.md

Technical Deep Dive: Polymorphic Shellcode Engine

Architecture

1. Mutation Engine

   • Junk Instruction Insertion
   • Register Swapping
   • Instruction Reordering

2. Encryption Scheme

   • XOR with PBKDF2-derived Key
   • Self-decrypting Stub (x64)

3. Evasion Techniques

   • Sandbox Detection (RAM/VM checks)
   • API Hashing

Components

Payload Generation

• Uses Keystone Engine for assembly
• Supports x86/x64 architectures
• Pre-built templates (reverse TCP, etc.)

Polymorphism Workflow

1. Original Shellcode → Mutation → Encryption → Decryptor Stub

Cobalt Strike Integration

• Generates .cna scripts for direct loading
• Obfuscates payload in memory

Limitations

• Currently x64-focused
• Basic XOR encryption (extend with AES)
• Windows-only evasion checks

Future Work

1. Add ARM architecture support
2. Implement entropy-based mutation
3. Add process hollowing integration