[syscall]

Introducing Black Diamond Loader

After years of experience in the field, one if not our biggest and most advanced project is being shaped line by line. A hard working team that has been able to provide amazing features, undeniable results and a quality only seen in enterprise grade crypters.

Taking inspiration from notorious threat actors, even working hand to hand with them, Black Diamond rose.

We are happy to announce our Loader Tiers, each one featuring a different framework, injection method and memory evasion technique.

.NET BREACHER

• x64/86 .NET
  
• CLR Load
  
• Persistence 
  
• Anti-Analysis 
  
• .bat output
  
• 100% WD BYPASS
  
• $20/file
  

Haze Hollow

• x64/x86 Native .NET 
  
• TLS Callback Support 
  
• AES Payload Encryption
  
• CTAES Sleep obfuscation for memory evasion
  
• Legit software exploitation
  
• Persistence 
  
• Anti-Analysis 
  
• 99% AV’s RUNTIME BYPASS
  
• .dll output 
  
• .dll sideloading [ up to 5 vulnerable applications ]
  
• $TBD - Negotiable
  

Purple Pool

• x64/x86 Native .NET
  
• CTAES Sleep Obfuscation 
  
• AES Payload encryption
  
• Early Cascade Injection
  
• CRT Independent 
  
• Indirect Syscalls 
  
• Unhooked dll
  
• LLVM Obfuscation
  
• EDR BYPASS
  
• .dll output 
  
• .dll sideloading 
  
• AVAILABLE ONLY FOR ENTERPRISE AND COMPANY ENGAGEMENTS
  

Our products are mostly under development stage. .NET BREACHER is the only one available for immediate purchase, but we will be giving Haze Hollow samples to reputable members. If you consider you match our criteria, feel free to contact us via breachforums pm’s or telegram. 
Release date is not fully confirmed, but Haze Hollow is pretty close to it. We can feel it. Development for Purple Pool will continue once we reach a stable point for the rest of our softwares. 

If you have any question, need more information or require assistance, feel free to use our Telegram or join our channel directly. 

- Black Diamond Team | Head Developer

[syscall]

Update on loaders

• Improved sleep obfuscation framework.
  
• Got rid of RWX false positive flags.
  
• Patched Exit functions to avoid accidental program crashes.
  

[syscall]

Black Diamond Shellcode

We are happy to announce that the foundation to our loaders is available for sale. It is a pretty advanced shellcode containing everything needed to bypass modern security solutions. Ranging from, of course, Windows Defender, all the way to MalwareBytes, Kaspersky, Norton, Avast, AVG, nod32, ThreatDown, IKARUS, McAfee and more. 

This evasive profile is backed up by amazing features and capabilities carefully picked and designed to be as stealthy as possible, while protecting the payloads integrity.  

.NET Shellcode Advanced Evasion Technologies

• AMSI Bypass: Multi-technique Antimalware Scan Interface circumvention
  
• AES-128 Assembly Encryption: Full payload encryption with secure key management
  
• Sleep Obfuscation: CPU-intensive timing operations to avoid detection of sleep patterns
  
• Random Timing Variance: Randomized execution delays to prevent behavioral analysis
  
• String Obfuscation: XOR encoding of internal strings to avoid signature detection
  
• Variable Name Randomization: Non-predictable variable naming pattern
  
• Token Stream Manipulation: Patches critical .NET security mechanisms at runtime
  

Native Shellcode Import Handling

• Dynamic Resolution: Resolves APIs at runtime from loaded modules
  
• Ordinal Support: Handles both named and ordinal-based imports
  
• Import Caching: Stores resolved functions for performance and evasion
  
• Hash-Based Lookup: Uses hash values instead of strings for function resolution
  
• Forward Import Support: Handles API forwarding between modules
  
• Import Directory Wiping: Completely removes import traces after resolution
  

Among many many more. The whole feature list is available for download .pdf in our Telegram channel.

MVP and GOD users can apply to get a vouch copy. If you match our criteria, please proceed by dming us via Telegram ( active most of the time ) or via Breach Forums. We really want to provide a high quality product backed up by high end profiles and trustworthy individuals. 

Black Diamond Team | Head Developer

[syscall]

Update log

• Heap encryption for both of our loaders.
  
• New AMSI bypass technique for NET loader.
  
• New ETW patch technique for both of our loaders.
  

Evasion log

As of today, three tools were tested.  Quasar [ NET ] Spark [ NATIVE ] and a random rust stealer from github [ NATIVE ], we got results from the following AV's both static and runtime. 

• Windows Defender | FUD
  
• Avast | FUD
  
• Norton | FUD
  
• AVG | FUD
  
• Kaspersky | FUD
  

More antiviruses will be tested soon. We do not use online scanners for this testing stage. We get our hands in the av solutions and perform numerous tests with different "aggression" levels from the av's. We understand scores and proof are important for the community. For that reason, we will provide a weekly scan using a runtime scanner once we get a final version for the loaders. As of today, we are still playing around with techniques. But it is safe to say, we are really close to that final stage.
Thanks for all the support. We're truly grateful to everyone who has voted in our polls, joined our Telegram channel, and interacted with us directly. We appreciate your engagement and look forward to continuing to build this community together.

Black Diamond Team | Head Developer