Gemini

What is Gemini?
Generating shellcode with a framework, such as the Metasploit Framework, saves time and effort, but anti-virus suites are also aware of these frameworks. The algorithm that is used is often known, which results in instant detection.

The goal of Gemini is to avoid creating the same program twice, no matter how many times the output is generated. Gemini’s name is both a reference to the Zodiac sign Twins and to the goal of the program itself. Eventually, running Gemini twice with the same input (a twin) should provide a completely different output.

What are the features of Gemini?
Since Gemini is still in the early stages of development, the features might differ in the initial release.

Currently, only one output language is supported: C. The target platform for the C code is Microsoft’s Windows or a Linux distribution. In future releases, the aim is to provide multiple output languages and more target platforms.

The list below contains the finished features, which will still receive updates.

  • Encoding the shellcode
  • Avoiding anti-virus detection
  • Detecting and avoiding sandboxes
  • Detecting and avoiding virtualisation

The following features are still under construction and might or might not be implemented.

  • Control flow obfuscation

What are the prerequisites for Gemini?
To use Gemini, one needs to have the Java Runtime Environment installed. The program has a command-line interface (CLI) and writes the source file into the directory from which the JAR is called, using a name specified by the user.

When will Gemini be released?
Even though I stated otherwise in the early stages of the development, Gemini won’t be released. The ease of use is too easy for the impact it has, in combination with tools such as Metasploit Venom. This would cause script kiddies and other users with malicious intent to be able to spread undetected malware without even knowing how it is created or what it does. This is definitely not my intent, which is why I resent publishing Gemini as it is. If you do want to talk about specific features, I recommend that you e-mail me (see the contact information below) and we can discuss topics related to Gemini. Do note that I do not want nor try to aid in criminal activities and will not answer e-mails which I suspect have a malicious intent.

How can I contact you to talk about Gemini?
You can contact me at any time on [info][at][maxkersten][dot][nl].