Navigation



ReFrameworker – General Purpose Framework Modifier

Last updated: September 9, 2015 | 5,051 views

ReFrameworker is a general purpose Framework modifier, used to reconstruct framework Runtimes by creating modified versions from the original implementation that was provided by the framework vendor. ReFrameworker performs the required steps of runtime manipulation by tampering with the binaries containing the framework’s classes, in order to produce modified binaries that can replace the original ones.

It was developed to experiment with and demonstrate deployment of MCR (Managed Code Rootkits) code into a given framework.

Features

  • Performs all the required steps needed for modifying framework binaries (disassemble, code injection, reassemble, precompiled images cleaning, etc.)
  • Fast development and deployment of a modified behavior into a given framework
  • Auto generated deployers
  • Modules: a separation between general purpose “building blocks” that can be injected into any given binary, allowing the users to create small pieces of code that can be later combined to form a specific injection task.
  • Can be easily adapted to support multiple frameworks by minimal configuration (currently comes preconfigured for the .NET framework)
  • Comes with many “preconfigured” proof-of-concept attacks (implemented as modules) that demonstrate its usage that can be easily extended to perform many other things.

ReFrameworker, as a general purpose framework modification tool, can be used in other contexts besides security such as customizing frameworks for performance tuning, Runtime tweaking, virtual patching, hardening, and probably other usages – It all depends on what it is instructed to do.

You can download ReFrameworker v1.1 here:

Software – ReFrameworker_V1.1.zip
Source Code: ReFrameworker_V1.1_Source_Code.zip

Or read more here.

Share8
Tweet
Share
Share
Buffer
WhatsApp
Reddit
Flip
Vote
Email
8 Shares
Posted in: Hacking Tools, Malware, Secure Coding

, ,


Latest Posts:


SecLists - Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
April 30, 2019 - 233 Shares
DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
March 5, 2019 - 508 Shares
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
February 27, 2019 - 231 Shares
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
February 25, 2019 - 246 Shares
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
February 4, 2019 - 292 Shares
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
January 20, 2019 - 245 Shares


Comments are closed.