Veil by @ChrisTruncer is a very known tool and comes from the beginning of creating such FUDs, it integrates with metasploit loading a listener through meterpreter through CLI and has a lot of techniques and options to craft payloads injecting into memory without touching disk.
Since Veil’s 1.0 release, shellcode has been injected into memory the same way (largely across the industry). This is done over the following steps:
• Allocate memory with RWX (read, write, and execute) permissions to write shellcode into, and execute it
• Write the shellcode to the previously allocated memory
• Create a thread to execute the shellcode
• Wait for the shellcode to finish running (i.e. you exit Meterpreter or Beacon) before allowing the stager to exit
Veil 3.1 will now allocate memory with RW permissions, to enable the stager to write shellcode into the allocated memory. After writing the shellcode to the allocated memory, the stager will call VirtualProtect to change the memory permissions from RW to RX.
GitHub Link: https://lnkd.in/gpM5KAV