• Stars: 217
• Rank: 181,040 (Top 4 %)
• Language: C++
• License: MIT License
• Created: 4 months ago
• Updated: 3 months ago

Repository Details

Abusing the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region.

More Repositories

1. DefenseEvasionTechniques (C++, 61 stars)

   This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead in the field. It provides a valuable resource for those dedicated to improving their skills in malware development, malware research, offensive security, and security defenses and measures.

2. DV_NEW (C++, 42 stars)

   This is a combination of multiple evasion techniques to evade defenses (Dirty Vanity).

3. C2_Elevated_Shell_DLL_Hijcking (C++, 33 stars)

   DLL hijacking and mock directories technique to bypass the Windows UAC security feature and get a high-privileged reverse shell. Security researchers identified this technique, which uses a simplified process of DLL hijacking and mock folders to bypass UAC control. I tested this on Windows 10 and 11 and bypassed the Windows 10 UAC security feature.

4. .NET_PROFILER_DLL_LOADING (C++, 21 stars)

   .NET profiler DLL loading can be abused to make a legitimate .NET application load a malicious DLL using environment variables. This exploit loads a malicious DLL using Task Scheduler (MMC) to bypass UAC and get admin privileges.

5. D3MPSEC (C++, 19 stars)

   "D3MPSEC" is a memory dumping tool designed to extract a memory dump from the Lsass process using various techniques, including direct system calls, randomized procedures, and prototype name obfuscation. Its primary purpose is to bypass both static and dynamic analysis techniques commonly employed by security measures.

6. WPM-MAJIC-ENTRY-POINT-INJECTION (C++, 11 stars)

   This exploit utilises the AddressOfEntryPoint of a process, which is RX, and uses WriteProcessMemory internal magic to change the permission and write the shellcode.

7. on-disk-detection-bypass (C, 8 stars)

   Direct syscalls injection to bypass AV/EDR.

8. PEB_WALK_AND_API_OBFUSCATION_INJECTION (C++, 7 stars)

   This exploit uses the PEB walk technique to resolve API calls dynamically and obfuscates all API calls to perform process injection.

9. Bypass-and-Defeat-Defender (Batchfile, 7 stars)

   Powerful scripts to bypass Windows Defender.

10. Chrome-Password-Stealer (Python, 6 stars)

   I have created a Python-based exploit which gets usernames, passwords, and URLs from Google Chrome.

11. Shellcode-Injection (C++, 6 stars)

   Inject any shellcode into explorer.exe. This technique uses Windows API calls to inject malicious shellcode into a process. You can encrypt the shellcode to make it undetected by security controls.

12. Windows-Process-Injection (C++, 6 stars)

   This script includes C++ code to inject malicious shellcode into a process using ConsoleWindowsClass.

13. NT-AUTHORITY-SYSTEM-CONTEXT-RTCORE (C++, 5 stars)

   This exploit rebuilds and exploits CVE-2019-16098, which is in the Micro-Star MSI Afterburner 4.6.2.15658 driver (aka RTCore64.sys and RTCore32.sys) and allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. Instead of a hardcoded base address of Ntoskrnl.exe, I calculated it dynamically and recalculated the field offsets.

14. BadPowerShell (PowerShell, 4 stars)

   This repository includes PowerShell scripts. One script is used to convert any EXE file into hexadecimal format and the other script can execute the converted hex. The converted hex will be uploaded to a server, and you can get the hex, create the EXE and execute it. This technique will help to bypass network-level security controls.

15. Collect_Threat_Intel_AND_Malware_Using_Honeypots (C#, 4 stars)

   This code runs as a service, continuously monitoring all Sysmon event logs and taking action based on events generated by attackers' activities. It also sends filtered and contextual details to Telegram bots to update administrators, and uploads and captures all malware dropped by attackers.

16. PE-MalDoc (VBScript, 3 stars)

   Privilege escalation using a VBA macro. You can use this script in an Office document to escalate Windows privileges by changing the registry.

17. SHELLCODE_FORMATS_COVERTOR (Python, 3 stars)

   This script will convert your binary form (raw shellcode) into C, C# and base64-encoded form.

18. MalwareAnalysis (3 stars)

   This central repository is crafted for cybersecurity enthusiasts, researchers, and professionals aiming to advance their skills. It offers valuable resources for those focused on analyzing and understanding different types of malware.

19. Reverse_Shell_Over_TCp (2 stars)

   I have created a reverse connection client from scratch in the C# programming language that executes arbitrary commands to perform C&C on the target system. To connect to the host with a port, you need to pass the IP address as the first parameter and the integer port number as the second argument.

20. Ransomware (C, 2 stars)

   Simple ransomware written in C. This project is only for educational purposes. It will encrypt data in the current working directory.

21. MalDoc-VBA (1 star)

   VBA script to download anything from the internet.

22. Offensive-Panda.github.io (1 star)

   Portfolio.

23. Web_Request_AND_Anti-Sandbox (C#, 1 star)

   This repository contains C# code which uses the latest persistence technique and multiple anti-VM and anti-sandbox techniques. In this program, I am using 4 anti-VM and anti-sandbox techniques.

24. Telegram-Bot-RAT (PHP, 1 star)

   Send victim information using a Telegram bot. Simple PHP script to connect with a Telegram bot and send user agent information on Telegram.

25. Offensive-Panda (1 star)

26. ShellToBinary (Shell, 1 star)

   Convert shellcode into binary. If you want to inject Msfvenom shellcode into memory, you need strong encryption and obfuscation to make it undetected by AVs/EDR. But if you create the shellcode in binary format, it can be injected into memory even without encryption.