{
	"id": "e7698061-0e71-4570-b4c1-c39ed377a444",
	"created_at": "2026-04-06T00:16:49.965245Z",
	"updated_at": "2026-04-10T13:13:00.42974Z",
	"deleted_at": null,
	"sha1_hash": "4bbc0810d284606b6494dcb8f7f3c4d47dd83e8f",
	"title": "GitHub - MRGEffitas/Ironsquirrel: Encrypted exploit delivery for the masses",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1079393,
	"plain_text": "GitHub - MRGEffitas/Ironsquirrel: Encrypted exploit delivery for\r\nthe masses\r\nBy MRGEffitas\r\nArchived: 2026-04-05 23:14:04 UTC\r\nThis project aims at delivering browser exploits to the victim browser in an encrypted fashion. Elliptic-curve\r\nDiffie-Hellman (secp256k1) is used for key agreement and AES is used for encryption.\r\nBy delivering the exploit code (and shellcode) to the victim in an encrypted way, the attack cannot be replayed.\r\nMeanwhile, the HTML/JS source is encrypted, thus reverse engineering the exploit is significantly harder.\r\nIf you have no idea what I am talking about, Google for \"How to hide your browser 0-days\", and check my\r\npresentation. Or check it out on YouTube: https://www.youtube.com/watch?v=eyMDd98uljI Or slides on\r\nSlideshare: https://www.slideshare.net/bz98/how-to-hide-your-browser-0days\r\nThe idea of encrypted exploit delivery was first published by me on June 2, 2015:\r\nhttps://twitter.com/zh4ck/status/605754804472823808 https://www.mrg-effitas.com/research/generic-bypass-of-next-gen-intrusion-threat-breach-detection-systems/\r\nThe Angler exploit kit guys just stole my idea. And implemented it poorly.\r\nhttps://github.com/MRGEffitas/Ironsquirrel\n\nGetting Started\r\nThese instructions will get you a copy of the project up and running on your local machine for development and\r\ntesting purposes.\r\nPrerequisites\r\nMandatory dependencies - clone the IRONSQUIRREL project, cd into the project directory, and run the following\r\ncommands:\r\nsudo apt-get install ruby-dev\r\nbundle install\r\nThis installs the nokogiri and gibberish gems.\r\nOptional dependency (for PowerShell-based, environment-aware encrypted payload delivery): Ebowla\r\nhttps://github.com/Genetic-Malware/Ebowla\r\nInstalling\r\n1. Clone the IRONSQUIRREL project\r\n2. Install the prerequisites\r\n3. (Optional) Edit IRONSQUIRREL.rb\r\n   1. Change the listen port\r\n   2. If Ebowla is used, configure the paths\r\n4. (Optional) If Ebowla is used, configure genetic.config.ecdh in the Ebowla install directory\r\n5. Run IRONSQUIRREL.rb\r\nruby IRONSQUIRREL.rb --exploit full_path_to_exploit\r\nExample\r\nruby IRONSQUIRREL.rb --exploit /home/myawesomeusername/IRONSQUIRREL/exploits/alert.html\r\nAfter that, visit the webserver from a browser. Example output:\r\nListening on 2345\r\nGET / HTTP/1.1\r\nGET /sjcl.js HTTP/1.1\r\nGET /dh.js HTTP/1.1\r\nGET /client_pub.html?cl=SOifQJetphU2CvFzZl239nKPYWRGEH23ermGMszo9oqOgqIsH5XxXi1vw4P4YFWDqK6v4o4jIpAVSNZD1x5NTw%3\r\nGET /final.html HTTP/1.1\r\nGET /sjcl.js HTTP/1.1\r\nThe end\r\nDeployment instructions for production environments\r\n1. Let me know if you use this for real\r\n2. Spend at least 2 weeks to figure out what could go wrong\r\nContributing\r\nFeel free to submit bugfixes, feature requests, comments ...\r\nAuthors\r\nZoltan Balazs (@zh4ck) - Initial work\r\nLicense\r\nThis project is licensed under the GPL3 License - see the LICENSE.md file for details\r\nAcknowledgments\r\n@CrySySLab\r\n@SpamAndHex\r\n@molnar_g\r\n@midnite_runr\r\n@buherator\r\n@sghctoma\r\n@zmadarassy\r\n@xoreipeip\r\n@DavidSzili\r\n@theevilbit\r\nSzimeus\n\nSource: https://github.com/MRGEffitas/Ironsquirrel",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://github.com/MRGEffitas/Ironsquirrel"
	],
	"report_names": [
		"Ironsquirrel"
	],
	"threat_actors": [],
	"ts_created_at": 1775434609,
	"ts_updated_at": 1775826780,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4bbc0810d284606b6494dcb8f7f3c4d47dd83e8f.pdf",
		"text": "https://archive.orkl.eu/4bbc0810d284606b6494dcb8f7f3c4d47dd83e8f.txt",
		"img": "https://archive.orkl.eu/4bbc0810d284606b6494dcb8f7f3c4d47dd83e8f.jpg"
	}
}