
How can an ELF binary call a Windows API from WSL(2) to deploy a payload?

Çağlar Arlı      -    68 Views


In September 2021 Black Lotus Labs (BLL) posted a blog entry discussing a payload loader that was:

  • written in Python
  • compiled to an ELF exe using PyInstaller in Debian in WSL
  • and "injected into a running process using Windows API calls"

BLL states they were able to develop a proof of concept. However, a post from 2015 on Stack Exchange states it's not possible to make calls to the Windows API because of the pico process architecture (I think that's what they meant).

What approaches can be used to develop such a proof of concept, or be of use to develop mitigations or detections?
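On the detection side, one practical angle is the Windows-side process tree: when a Linux process inside WSL asks Windows to run a PE file, the resulting Windows process is created through the WSL interop bridge, so it shows up in process-creation telemetry with an unusual parent rather than the user's shell or Explorer. The example below is added here and is not code from the question or from the Black Lotus Labs post. It assumes (and you should verify this against your own telemetry) that interop-launched Windows processes appear with a parent of `wslhost.exe` or `wsl.exe`; the event lines are constructed in a simplified `key=value` layout loosely modelled on Sysmon Event ID 1 fields, and the LOLBin and user-writable-path lists are illustrative starting points, not a complete rule set.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Parent images assumed (verify in your environment) to front WSL interop:
# a Linux process asking Windows to run a PE file shows up under one of these.
WSL_BRIDGE_PARENTS = {"wslhost.exe", "wsl.exe"}

# Signed Windows binaries that are commonly abused to run other code; seeing
# one of them spawned via WSL interop is unusual enough to escalate.
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe",
           "powershell.exe", "cmd.exe", "certutil.exe"}

# User-writable locations where a dropped or PyInstaller-built loader would
# plausibly live (illustrative, not exhaustive).
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\public\\")

# Constructed sample telemetry (not real events). Each line: key=value pairs,
# with the command line quoted because it may contain spaces.
SAMPLE_EVENTS = """\
Image=C:\\Windows\\System32\\wslhost.exe ParentImage=C:\\Windows\\System32\\svchost.exe CommandLine="wslhost.exe"
Image=C:\\Windows\\System32\\notepad.exe ParentImage=C:\\Windows\\System32\\wslhost.exe CommandLine="notepad.exe"
Image=C:\\Windows\\System32\\rundll32.exe ParentImage=C:\\Windows\\System32\\wslhost.exe CommandLine="rundll32.exe C:\\Users\\u\\AppData\\Local\\Temp\\x.dll,Start"
Image=C:\\Users\\u\\AppData\\Local\\Temp\\loader.exe ParentImage=C:\\Windows\\System32\\wsl.exe CommandLine="loader.exe"
Image=C:\\Windows\\explorer.exe ParentImage=C:\\Windows\\System32\\userinit.exe CommandLine="explorer.exe"
"""

# key=value where value is either a double-quoted string or a run of non-space chars
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Finding:
    image: str
    parent: str
    severity: str
    reason: str


def parse_event(line: str) -> Dict[str, str]:
    """Split one constructed event line into a field dictionary."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def basename(path: str) -> str:
    """Last path component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def assess(event: Dict[str, str]) -> Optional[Finding]:
    """Return a Finding if the process was launched through WSL interop, else None."""
    parent = basename(event.get("ParentImage", ""))
    if parent not in WSL_BRIDGE_PARENTS:
        return None
    image = event.get("Image", "")
    lowered = image.lower()
    if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
        return Finding(image, parent, "high",
                       "executable in user-writable path launched via WSL interop")
    if basename(image) in LOLBINS:
        return Finding(image, parent, "high", "LOLBin launched via WSL interop")
    return Finding(image, parent, "low", "Windows process launched via WSL interop")


def scan(text: str) -> List[Finding]:
    """Run assess() over every non-empty event line and collect the findings."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        finding = assess(parse_event(line))
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.image} (parent {f.parent}): {f.reason}")
```

The low-severity bucket exists on purpose: legitimate users do launch Windows programs from a WSL shell, so a bare "WSL parent" rule would be noisy. Escalating only when the child is a known LOLBin or lives in a user-writable directory keeps the alert focused on the loader-style behaviour the question describes, and the same structure transfers directly to a SIEM query over real Sysmon or Security 4688 events once the parent-image assumption has been confirmed.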