Shellter Editions Feature Comparison Table

| Features | Shellter Free | Shellter Pro | Shellter Pro Plus |
|---|---|---|---|
| Basic Polymorphism | Y | Y | Y |
| Basic Encoding | Y | Y | Y |
| Basic User-Defined Encoding Sequence | Y | Y | Y |
| Dynamic Thread Context Key (Experimental) | Y | Y | Y |
| IAT Handlers | Y | Y | Y |
| MSF Compatible Stagers | Y | Y | Y |
| Custom Payload Support | Y | Y | Y |
| Reflective DLL Payloads Support | Y | Y | Y |
| Preserve target PE Functionality (Stealth Mode) | Y | Y | Y |
| 32-bit PE (.exe) support | Y | Y | Y |
| 32-bit PE (.dll) support | - | Y | Y |
| 64-bit PEs (.exe, .dll) support | - | Y | Y |
| PE Target Compatibility Check | - | Y | Y |
| Graphical User Interface | - | Y | Y |
| Standalone Encoder | - | Y | Y |
| Advanced Polymorphism | - | Y | Y |
| Enhanced Anti-AV Signature Technology | - | Y | Y |
| Advanced Multi-Layered Encoding | - | Y | Y |
| Advanced User-Defined Encoding Sequence | - | Y | Y |
| PE Target Size Increase for AV Pre-Filter Evasion | - | Y | Y |
| Extra Built-In MSF Compatible Stagers | - | Y | Y |
| Multi-Payload Chaining | - | Y | Y |
| Advanced Stealth Mode Reliability support | - | Y | Y |
| Execution Flow Data Files | - | Y | Y |
| Execution Flow Tracing Using Target PE-Specific Arguments | - | Y | Y |
| MSF Console Scripts Generator (Applies to embedded stagers) | - | Y | Y |
| CertPlay (Restore/Replace/Add Certificates In PE targets) | - | Y | Y |
| Large Payloads Support | - | Y | Y |
| PE target Relocations Support (Dynamic Image Base) | - | Y | Y |
| MSF5/6 Compatible Embedded Stagers | - | Y | Y |
| Discord Server (Access to a private channel where we discuss potential improvements and exchange tips and hints with our customers.) | - | - | Y |
| Advanced Debugger Detection (KM + UM) (Payloads won’t fire if detected. Can be combined with ‘Decoy Payloads’ feature to conceal real functionalities and/or tamper with automated sandbox analysis results.) | - | - | Y |
| Advanced VM/Sandbox Detection (Type 1 + Type 2 Hypervisors) (Payloads won’t fire if detected. Can be combined with ‘Decoy Payloads’ feature to conceal real functionalities and/or tamper with automated sandbox analysis results.) | - | - | Y |
| Decoy Payloads (Execute if DBG/VM are detected. See above.) | - | - | Y |
| Advanced Self-Unhooking | - | - | Y |
| Advanced Heuristic Unlinking of AV/EDR Modules | - | - | Y |
| Advanced Native Imports Redirection For Loaded Modules | - | - | Y |
| Advanced Native SysCalls-Based Runtime Evasion | - | - | Y |
| Advanced Stealth Payload Thread Creation (Applies to the main thread of the payload) | - | - | Y |
| Advanced Self-Process and Payload Threads Protection | - | - | Y |
| Advanced ETW Evasion (Applies to the process executing your payload) | - | - | Y |
| Advanced AMSI Evasion (Applies to the process executing your payload) | - | - | Y |
| Enhanced AMSI Evasion (Applies to the process executing your payload) | - | - | Y |
| AES-128 Payload Encryption (Embedded + Network fetched keys) | - | - | Y |
| Ambush Payload Execution (Keeps payloads in hibernation until a specified benign DLL is loaded by the process) | - | - | Y |
| Anti-DLL Load Monitoring (Removes user-mode callbacks registered to monitor DLL modules loading events) | - | - | Y |
| Dynamic checks of newly loaded modules against hooks and other artefacts. (Intercepts module load events in real time) | - | - | Y |
| Enhanced Application DLL Backdooring | - | - | Y |
| Enhanced Windows Built-In Modules Compatibility | - | - | Y |
| Targeted Runtime Evasion | - | - | Y |
| Memory Scan Evasion (Removes suspicious access permissions from all proprietary memory allocations, encodes/decodes functions and data members on the fly and cleans dynamically-built strings from current thread’s stack memory) | - | - | Y |
| CallStack Scan Evasion (Tampers with callstack information in order to evade detection rules that are based on kernel ETW information.) | - | - | Y |
| Total Recall (Eradicate in-memory traces of our code under certain circumstances) | - | - | Y |
| Infected Binary Watermarking (Insert a user-defined watermark to help clients identify infected binaries during/post security engagements) | - | - | Y |
| Code Signing (Optionally generates customised self-signed certificates and signs the infected binaries). | - | - | Y |
| Force Unhooking System Modules via File-Mappings (Offers an alternative unhooking method while simultaneously evading kernel mode callbacks inserted by EDRs to monitor new module loading events.) | - | - | Y |
| Force Preload System Modules (Provides a safer method for preloading system modules commonly used by C2 beacons and other third-party payloads to perform various system-level tasks.) | - | - | Y |
| Self-Disarm (Specify a number of days after which payload execution in the infected binary will be deactivated.) | - | - | Y |
| TimeBomb (Specify a delay in milliseconds for the payloads execution to begin.) | - | - | Y |
| Slow Loris (Enables lazy loading by inserting delays in frequently executed paths of our code.) | - | - | Y |
| VM/Host Whitelisting (Only activate payload execution inside a specific VM and/or physical host.) | - | - | Y |

Disclaimer

We do not support nor condone illegal activities in any shape or form. This software is offered with the sole purpose to assist ethical hackers in their daily jobs during Penetration Testing and/or Red Team engagements. The author of this software and INSAINTED LTD assume no responsibility for any unlawful actions taken and any damages caused by using this software.

AV Evasion Artware