charlotte – fully undetected shellcode launcher
#shellcode #msfvenom #XOR #ShellcodeLauncher #CobaltStrike #Payload
https://reconshell.com/charlotte-fully-undetected-shellcode-launcher/
Shellcode Injection Techniques
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload.
https://github.com/plackyhacker/Shellcode-Injection-Techniques
#inject #shellcode #csharp
Thread Stack Spoofing
A PoC implementation of an advanced in-memory evasion technique that spoofs the thread call stack. The technique makes it possible to bypass thread-based memory examination rules and better hide shellcode residing in process memory.
https://github.com/mgeeky/ThreadStackSpoofer
#stackspoofing #av #evasion #inject #shellcode #bypass #edr
Evading EDR with ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
https://adamsvoboda.net/evading-edr-with-scarecrow/
https://www.grahamhelton.com/blog/scarecrow/
https://github.com/optiv/ScareCrow
#edr_evasion #shellcode_loader #syscalls
Clipboard Shellcode Injection
https://gist.github.com/leftp/d89ddc4651a828333d9c0ca5681d1fc8
#clipboard #shellcode #injection #redteam #maldev
😡 Brute-Ratel-C4-Community-Kit
This repository contains scripts, configurations and deprecated payload loaders for Brute Ratel C4. Anything which is added in the deprecated folder will not be a part of the latest release of BRc4.
https://github.com/paranoidninja/Brute-Ratel-C4-Community-Kit
#c2 #bof #shellcode #injection
💥 Shellcode Mutator
New tool to help red teamers avoid detection. Shellcode is a small piece of code that is typically used as the payload in an exploit, and can often be detected by its “signature”, or unique pattern. Shellcode Mutator mutates exploit source code without affecting its functionality, changing its signature and making it harder to reliably detect as malicious.
Research:
https://labs.nettitude.com/blog/shellcode-source-mutations/
Source:
https://github.com/nettitude/ShellcodeMutator
#shellcode #mutator #nasm #redteam
🛠 From C to Shellcode: Crafting Position-Independent Code
Ever wondered how malware developers create shellcode? Dive into the world of Position-Independent Code (PIC) and learn about a shellcode development method using MinGW. This approach combines assembly and C to create efficient and stealthy payloads.
🌐 Details:
https://steve-s.gitbook.io/0xtriboulet/just-malicious/from-c-with-inline-assembly-to-shellcode
#maldev #clang #shellcode #assembly
steve-s.gitbook.io
From C, with inline assembly, to shellcode | 0xTriboulet
Friday, August 11, 2023
🛠 Adventures in Shellcode Obfuscation
This series of articles explores various methods for hiding shellcode, emphasizing techniques to avoid detection. The focus is on demonstrating diverse approaches to conceal shellcode.
🔗 Part 1: Overview
🔗 Part 2: Hail Caesar
🔗 Part 3: Encryption
🔗 Part 4: RC4 with a Twist
🔗 Part 5: Base64
🔗 Part 6: Two Array Method
🔗 Part 7: Flipping the Script
🔗 Part 8: Shellcode as IP Addresses
🔗 Part 9: Shellcode as UUIDs
🔗 Part 10: Shellcode as MAC Addresses
🔗 Part 11: Jargon
🔗 Part 12: Jigsaw
🔗 Part 13: Calculating Offsets
🔗 Part 14: Further Research
#shellcode #obfuscation #clang #maldev
If you want to take a happy little journey through PEB structs, PE headers and kernel32.dll Export Table to spawn some "calc.exe" on x64 using Assembly, here it is.
📚 What you will learn:
— WinAPI function manual location with Assembly;
— PEB Structure and PEB_LDR_DATA;
— PE File Structure;
— Relative Virtual Address calculation;
— Export Address Table (EAT);
— Windows x64 calling-convention in practice;
— Writing in Assembly like a real Giga-Chad...
🔗 Source:
https://print3m.github.io/blog/x64-winapi-shellcoding
#maldev #winapi #x64 #shellcode #assembly