Reflectively Loading ELFs, may we never touch Disk

github.com

2 points by wetw0rk a year ago · 1 comment


wetw0rkOP a year ago

I recently pushed an update to Sickle that generates shellcode to perform reflective ELF loading.

If you're unfamiliar with what exactly this is, to give you a quick high-level overview: an attacker uses these techniques to map an executable filetype (EXE, ELF) into memory and execute it. When done correctly this prevents the malware from ever touching disk!

If you want to see a demo run of it launching a “Hello World” application, I uploaded a video on X.

https://x.com/wetw0rk_bot/status/1867739765610811665
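Added example, not part of the original post and not code from Sickle: a defender-side check for the artifact the post describes, executable memory that has no file on disk behind it, run over the text of `/proc/<pid>/maps`. It goes slightly beyond the post by also flagging memfd-backed and deleted-file mappings; the function name, reason labels and sample maps text are constructed for illustration.

```python
import re
from typing import NamedTuple

# Kernel-provided executable regions that legitimately have no backing file.
BENIGN_PSEUDO = {"[vdso]", "[vsyscall]", "[uprobes]"}

# /proc/<pid>/maps line: start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+([0-9a-f]+)\s+"
    r"([0-9a-f]+:[0-9a-f]+)\s+(\d+)\s*(.*)$"
)

class Finding(NamedTuple):
    start: int
    size: int
    perms: str
    reason: str

def suspicious_exec_mappings(maps_text):
    """Return executable mappings that are not backed by a file on disk."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        start, end, perms, _off, _dev, inode, path = m.groups()
        if "x" not in perms or path in BENIGN_PSEUDO:
            continue
        if path.startswith("/memfd:"):
            reason = "memfd-backed"      # checked first: also ends in "(deleted)"
        elif path.endswith(" (deleted)"):
            reason = "deleted file"
        elif inode == "0":
            reason = "anonymous"         # no inode: plain mmap'd memory
        else:
            continue                     # ordinary file-backed code
        lo, hi = int(start, 16), int(end, 16)
        findings.append(Finding(lo, hi - lo, perms, reason))
    return findings

# Constructed sample input (not captured from a real process).
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a02000 r-xp 00000000 08:01 1311234    /usr/bin/cat
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a12400000-7f3a12401000 r-xp 00000000 00:01 9231       /memfd:x (deleted)
7f3a14000000-7f3a141c0000 r-xp 00028000 08:01 1312001    /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd2b1f5000-7ffd2b1f7000 r-xp 00000000 00:00 0          [vdso]
"""
```

JIT runtimes (browsers, JVMs, some language interpreters) also create anonymous executable mappings, so treat hits as leads to triage against the process's identity rather than as verdicts.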
