admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-02 17:27:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

doc: execution guardrails info

Browse Source
This commit is contained in:
Dobin Rutishauser
2025-06-09 22:14:25 +02:00
parent ca1f497074
commit aa97f9884a
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+20
View File
@@ -152,6 +152,26 @@ To inject shellcode `messagebox.bin` into injectable `procexp64.exe` with carrie
> C:\Users\dobin\Repos\SuperMega>.\projects\commandline\procexp64.infected.exe > C:\Users\dobin\Repos\SuperMega>.\projects\commandline\procexp64.infected.exe
``` ```
### Execution Guardrails
You can use the `env` execution guardrail to restriction execution where
the environment matches your expectations. In the following example,
it requires the `VCINSTALLDIR` environment variable to contain
`Community`, which matches here. `\2022\Community\VC\`.
```
> set
...
VCINSTALLDIR=C:\Program Files\Microsoft Visual Studio\2022\Community\VC\
...
> python.exe supermega.py ... --guardrail env --guardrail-key VCIDEInstallDir --guardrail-value Community
```
These make middleboxes like sandboxes unable to execute and therefore detect
the payload, as it never gets decrypted. Until they install Visual Studio 2022
community edition.
## Directories ## Directories