ReFrameworker – General Purpose Framework Modifier


ReFrameworker is a general purpose Framework modifier, used to reconstruct framework Runtimes by creating modified versions from the original implementation that was provided by the framework vendor. ReFrameworker performs the required steps of runtime manipulation by tampering with the binaries containing the framework’s classes, in order to produce modified binaries that can replace the original ones.

It was developed to experiment with and demonstrate deployment of MCR (Managed Code Rootkits) code into a given framework.

Features

  • Performs all the required steps needed for modifying framework binaries (disassemble, code injection, reassemble, precompiled images cleaning, etc.)
  • Fast development and deployment of a modified behavior into a given framework
  • Auto generated deployers
  • Modules: a separation between general purpose “building blocks” that can be injected into any given binary, allowing the users to create small pieces of code that can be later combined to form a specific injection task.
  • Can be easily adapted to support multiple frameworks by minimal configuration (currently comes preconfigured for the .NET framework)
  • Comes with many “preconfigured” proof-of-concept attacks (implemented as modules) that demonstrate its usage that can be easily extended to perform many other things.

ReFrameworker, as a general purpose framework modification tool, can be used in other contexts besides security such as customizing frameworks for performance tuning, Runtime tweaking, virtual patching, hardening, and probably other usages – It all depends on what it is instructed to do.

You can download ReFrameworker v1.1 here:

Software – ReFrameworker_V1.1.zip
Source Code: ReFrameworker_V1.1_Source_Code.zip

Or read more here.

Posted in: Hacking Tools, Malware, Secure Coding

, ,


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


Comments are closed.