An In-memory Embedding of CPython for Offensive Use
Description
These artifacts perform the demonstrations listed in the Demonstration section of the submission "An In-memory Embedding of CPython for Offensive Use." Depending on the specific demonstration, the harness either creates a notepad.exe child process or uses the current console process. The harness-exe process allocates some Write+Execute memory, copies some shellcode and a harness DLL, and starts a thread to execute the shellcode. The shellcode loads the harness DLL, which downloads a CPython DLL constructed as described in the paper and a demonstration chosen by the user in the steps of harness-exe. The specific steps involving the shellcode and the harness DLL emulate what would happen after a 0-day or N-day exploit, without using an actual 0-day or N-day or compromising a system. Because this harness-exe is downloaded from the Internet, it will have a "Mark-of-the-Web," and Windows Defender will quarantine it when you run it. Therefore, please follow the instructions in this document to Add an Exclusion for the harness-exe in Windows Defender.
Files
Name | Size |
---|---|
woot2021-paper-8-artifacts.zip (md5:49bab19e11fbf4a5a69975468919dd03) | 17.6 MB |