所有收集类项目

Shellcode

• Shellcode相关资源, 150+工具, 500+文章
• English Version

目录

• 开发&&编写
  • shellen -> (1)工具 (2)文章
  • 漏洞开发 -> (1)工具 (13)文章
  • 编码&&解码 -> (9)工具 (14)文章
  • (9) 工具
  • (56) 文章
• 启动&&加载&&注入&&执行
  • 注入 -> (13)工具 (34)文章
  • 执行 -> (1)工具 (23)文章
  • (22) 工具
  • (6) 文章
• 生成 -> (16)工具 (24)文章
• 转换 -> (11)工具 (3)文章
• 分析
  • 漏洞 ->
  • (5) 工具
  • (53) 文章
• BypassXxx
  • AV -> (5)工具 (9)文章
  • (5) 工具
  • (12) 文章
• ARM -> (2)工具 (9)文章
• 其他
  • 工具
    • (1) 收集
    • (64) 新添加
    • (6) 其他
  • 文章
    • (262) 新添加

开发&&编写

shellen

工具

• [706星][1y] [Py] merrychap/shellen 交互式Shellcode开发环境

文章

• 2018.03 [freebuf] Shellen：交互式shellcode开发环境
• 2018.02 [pediy] [翻译] Shellen-交互式shellcode开发环境

漏洞开发

工具

• [8星][4y] [Py] sectool/python-shellcode-buffer-overflow Shellcode / Buffer Overflow

文章

• 2018.04 [pediy] [翻译]Windows漏洞利用开发 - 第4部分：使用跳转定位Shellcode
• 2017.09 [shogunlab] Zero Day Zen Garden: Windows Exploit Development - Part 3 [Egghunter to Locate Shellcode]
• 2017.08 [shogunlab] Zero Day Zen Garden: Windows Exploit Development - Part 2 [JMP to Locate Shellcode]
• 2017.05 [abatchy] Exploit Dev 101: Jumping to Shellcode
• 2016.06 [digitaloperatives] Exploiting Weak Shellcode Hashes to Thwart Module Discovery; or, Go Home, Malware, You’re Drunk!
• 2016.01 [pediy] [翻译]Windows Exploit开发系列教程第六部分：WIN32 shellcode编写
• 2016.01 [pediy] [翻译]exploit开发教程第六章-shellcode
• 2015.08 [ly0n] Avoiding badchars & small buffers with custom shellcode – OdinSecureFTPclient SEH exploit
• 2015.08 [ly0n] Avoiding badchars & small buffers with custom shellcode – OdinSecureFTPclient SEH exploit
• 2014.03 [beefproject] Exploiting with BeEF Bind shellcode
• 2014.01 [securitysift] Windows Exploit Development – Part 5: Locating Shellcode With Egghunting
• 2013.12 [securitysift] Windows Exploit Development – Part 4: Locating Shellcode With Jumps
• 2008.01 [pediy] [原创]exploit_me_A的shellcode构造与突破

编码&&解码

工具

• [89星][4y] [Py] mothran/unicorn-decoder Simple shellcode decoder using unicorn-engine
• [51星][1y] [Py] ecx86/shellcode_encoder x64 printable shellcode encoder
• [45星][4y] [Py] eteissonniere/elidecode The tool to decode obfuscated shellcodes using the unicorn and capstone engine
• [29星][2y] [Py] ihack4falafel/slink Alphanumeric Shellcode (x86) Encoder
• [27星][7m] [Py] blacknbunny/encdecshellcode Shellcode Encrypter & Decrypter With XOR Cipher
• [13星][1y] [Py] veritas501/ae64 basic amd64 alphanumeric shellcode encoder
• [12星][2m] [Perl 6] anon6372098/faz-shc Faz-SHC is a program that can be encrypted the text you give to a Shellcode. Simple and coded with Perl. Coded by M.Fazri Nizar.
• [2星][1y] [Makefile] sh3llc0d3r1337/slae32-custom-encoder SLAE32 Assignment #4 - Custom Shellcode
• [0星][10m] pcsxcetra/equationeditorshellcodedecoder Tool to decode the encoded Shellcode of this type found in office documents

文章

• 2019.11 [rapid7] Metasploit Shellcode Grows Up: Encrypted and Authenticated C Shells
• 2019.11 [aliyun] Shellcode编码技术
• 2019.05 [pcsxcetrasupport3] A deeper look at Equation Editor CVE-2017-11882 with encoded Shellcode
• 2019.03 [cybersecpolitics] The Lost Art of Shellcode Encoder/Decoders
• 2018.07 [doyler] 编写 Shellcode XOR 编码/解码器, 躲避AV检测
• 2017.08 [360] SLAE：如何开发自定义的RBIX Shellcode编码解码器
• 2015.07 [bigendiansmalls] Building shellcode, egghunters and decoders.
• 2015.03 [freebuf] Huffy：哈夫曼编码的shellcode
• 2015.02 [skullsecurity] GitS 2015: Huffy (huffman-encoded shellcode)
• 2014.12 [zerosum0x0] x64 Shellcode Byte-Rotate Encoder
• 2014.04 [volatility] Building a Decoder for the CVE-2014-0502 Shellcode
• 2012.08 [debasish] Experiment With Run Time Encryption/Decryption of Win32 ShellCodes
• 2012.05 [pediy] [原创]shellcode xor编码/解码
• 2008.08 [pediy] [原创]shellcode的一种ascii编码方法

工具

• [513星][3y] [Py] reyammer/shellnoob Shellcode编写工具包
• [189星][1y] [Py] thesecondsun/shellab Shellcode开发/丰富工具，支持Windows/Linux
• [184星][8m] [C++] jackullrich/shellcodestdio 辅助编写Windows平台的位置无关Shellcode，支持x86/x64
• [115星][4y] [C++] lcatro/vuln_javascript 模拟一个存在漏洞的JavaScript 运行环境,用来学习浏览器漏洞原理和练习如何编写Shellcode
• [95星][2y] [Py] invictus1306/workshop-bsidesmunich2018 ARM shellcode and exploit development - BSidesMunich 2018
• [75星][6m] [C++] shellvm/shellvm A collection of LLVM transform and analysis passes to write shellcode in regular C
• [15星][4y] [Assembly] novicelive/shellcoding Introduce you to shellcode development.
• [6星][3y] [Java] jlxip/shellcode-ide An IDE for creating shellcodes.
• [3星][2y] [C] wanttobeno/study_shellcode windows平台下功能性shellcode的编写

文章

• 2020.01 [aliyun] shellcode编写过程总结
• 2019.06 [nytrosecurity] Writing shellcodes for Windows x64
• 2019.04 [4hou] Windows x86 Shellcode开发：寻找Kernel32.dll地址
• 2019.02 [X0x0FFB347] Writing a Custom Shellcode Encoder
• 2019.02 [aliyun] 用ARM编写shellcode
• 2019.01 [fuzzysecurity] Writing shellcode to binary files
• 2019.01 [fuzzysecurity] Part 6: Writing W32 shellcode
• 2019.01 [freebuf] 过年不屯点干货吗，Windows平台高效Shellcode编程技术实战｜精品公开课
• 2019.01 [ly0n] [BOOK] Shellcode writting in Windows environments
• 2019.01 [ly0n] [BOOK] Shellcode writting in Windows environments
• 2018.11 [4hou] FreeBSD上编写x86 Shellcode初学者指南
• 2018.08 [pediy] [原创]《0day安全...（第二版）》第3章第4节开发通用的shellcode在win10系统下测试的问题
• 2018.08 [360] 路由器漏洞复现终极奥义——基于MIPS的shellcode编写
• 2018.07 [pediy] [翻译]二进制漏洞利用（一）编写ARMshellcode&理解系统函数
• 2018.03 [aliyun] Windows下Shellcode编写详解
• 2018.02 [freebuf] Sickle：推荐一款优质ShellCode开发工具
• 2018.02 [aliyun] Linux下shellcode的编写
• 2017.09 [secist] 我的shellcode编写之路 |MSF| Shellcode | kali linux 2017
• 2017.06 [360] Shellcode编程之特征搜索定位GetProcAddress
• 2017.06 [skullsecurity] 解决 CTF "b-64-b-tuff"：手动编写 base64 解码器及 alphanumeric shellcode
• 2017.05 [360] Windows x64 shellcode编写指南
• 2017.05 [freebuf] 如何编写高质量的Windows Shellcode
• 2017.05 [pediy] [翻译]Windows平台下的Shellcode代码优化编写指引
• 2017.03 [4hou] HEVD 内核攻击: 编写Shellcode（三）
• 2017.01 [360] shellcode编程：在内存中解析API地址
• 2016.06 [paraschetal] Writing your own shellcode.
• 2016.02 [freebuf] Windows平台shellcode开发入门（三）
• 2016.02 [securitycafe] Introduction to Windows shellcode development – Part 3
• 2016.01 [freebuf] Windows平台shellcode开发入门（二）
• 2016.01 [freebuf] Windows平台shellcode开发入门（一）
• 2016.01 [securitygossip] When Every Byte Counts – Writing Minimal Length Shellcodes
• 2016.01 [sjtu] When Every Byte Counts – Writing Minimal Length Shellcodes
• 2015.12 [securitycafe] Introduction to Windows shellcode development – Part 2
• 2015.10 [securitycafe] Introduction to Windows shellcode development – Part 1
• 2015.02 [freebuf] Windows平台下高级Shellcode编程技术
• 2015.02 [pediy] [原创]windows平台下的高级shellcode编程技术
• 2015.02 [topsec] windows平台下高级shellcode编程技术
• 2014.08 [pediy] [原创]Masm宏框架 简单编写复杂的ShellCode
• 2014.07 [] 使用C编写shellcode
• 2013.12 [pediy] [原创]编写二进制的shellcode
• 2013.06 [pediy] [原创]PE感染&ShellCode编写技术补充
• 2013.05 [toolswatch] ShellNoob v1.0 – Shellcode Writing Toolkit
• 2013.04 [reyammer] ShellNoob 1.0 - a shellcode writing toolkit
• 2012.09 [pediy] [原创]Android系统shellcode编写
• 2012.06 [] shellcode的编写与关键
• 2011.06 [pediy] [原创]MASM之ShellCode框架编写[合并帖]
• 2010.10 [pediy] [原创]Win 7下定位kernel32.dll基址及shellcode编写
• 2010.09 [pediy] [翻译]Exploit 编写系列教程第九篇Win32 Shellcode编写入门
• 2010.05 [elearnsecurity] Writing OS Independent Shellcode
• 2010.03 [pediy] [原创]Writing JIT-Spray Shellcode for fun and profit - CHS[更新完整版]
• 2010.01 [pediy] [原创]编写反连ShellCode遇到的难点并解决之总结
• 2009.11 [pediy] [翻译]Exploit编写系列教程第二篇: 栈溢出——跳至shellcode
• 2009.07 [corelan] Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode
• 2009.01 [pediy] [翻译]写一段小型溢出代码（译自：Writing Small Shellcode）
• 2008.01 [pediy] [原创]ShellCode编写之hash式函数调用及相关
• 2006.07 [pediy] [原创]VC8编写ShellCode以及辅助工具

启动&&加载&&注入&&执行

注入

工具

• [126星][2y] [C++] gpoulios/ropinjector Patching ROP-encoded shellcodes into PEs
• [108星][1m] [C++] josh0xa/threadboat uses Thread Execution Hijacking to Inject Native Shellcode into a Standard Win32 Application
• [85星][3y] [C] countercept/doublepulsar-usermode-injector 使用 DOUBLEPULSAR payload 用户模式的 Shellcode 向其他进程注入任意 DLL
• [63星][8y] [Py] sensepost/anapickle Toolset for writing shellcode in Python's Pickle language and for manipulating pickles to inject shellcode.
• [60星][2m] [Py] psychomario/pyinject A python module to help inject shellcode/DLLs into windows processes
• [43星][5y] [Py] borjamerino/tlsinjector Python script to inject and run shellcodes through TLS callbacks
• [27星][2y] [Py] taroballzchen/shecodject shecodject is a autoscript for shellcode injection by Python3 programing
• [20星][3m] [Go] binject/shellcode Shellcode library as a Go package
• [19星][5y] [C] jorik041/cymothoa Cymothoa is a backdooring tool, that inject backdoor's shellcode directly into running applications. Stealth and lightweight...
• [16星][3y] [PLpgSQL] michaelburge/redshift-shellcode Example of injecting x64 shellcode into Amazon Redshift
• [14星][2y] chango77747/shellcodeinjector_msbuild
• [10星][1y] [C++] egebalci/injector Simple shellcode injector.
• [8星][2y] [C++] xiaobo93/unmodule_shellcode_inject 无模块注入工程 VS2008

文章

• 2019.12 [aliyun] 手工shellcode注入PE文件
• 2019.11 [4hou] 代码注入技术之Shellcode注入
• 2019.11 [ColinHardy] Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection
• 2019.09 [freebuf] 在遇到shellcode注入进程时所使用的调试技
• 2019.08 [4hou] 远程进程shellcode注入调试技巧
• 2019.06 [360] Arm平台Ptrace注入shellcode技术
• 2018.10 [pediy] [原创]代替创建用户线程使用ShellCode注入DLL的小技巧
• 2018.09 [pediy] [分享]绝对牛逼哄哄的shellcode内存注入,支持64,32,远程内存注入,支持VMP壳最大强度保护
• 2018.08 [freebuf] sRDI：一款通过Shellcode实现反射型DLL注入的强大工具
• 2018.05 [cobaltstrike] PowerShell Shellcode Injection on Win 10 (v1803)
• 2017.12 [pentesttoolz] Shecodject – Autoscript for Shellcode Injection
• 2017.12 [MalwareAnalysisForHedgehogs] Malware Analysis - ROKRAT Unpacking from Injected Shellcode
• 2017.11 [freebuf] Metasploit自动化Bypass Av脚本：Shecodject X Shellcode Injection
• 2017.10 [pediy] [原创]通过Wannacry分析内核shellcode注入dll技术
• 2017.08 [silentbreaksecurity] sRDI – Shellcode Reflective DLL Injection
• 2015.12 [dhavalkapil] Shellcode Injection
• 2015.12 [n0where] Dynamic Shellcode Injection: Shellter
• 2015.10 [freebuf] Kali Shellter 5.1：动态ShellCode注入工具 绕过安全软件
• 2015.08 [christophertruncer] Injecting Shellcode into a Remote Process with Python
• 2015.08 [pediy] [原创]纯C++编写Win32/X64通用Shellcode注入csrss进程.
• 2015.07 [BsidesLisbon] BSidesLisbon2015 - Shellter - A dynamic shellcode injector - Kyriakos Economou
• 2015.06 [freebuf] 动态Shellcode注入工具 – Shellter
• 2015.06 [shelliscoming] TLS Injector: running shellcodes through TLS callbacks
• 2014.08 [toolswatch] Shellter v1.7 A Dynamic ShellCode Injector – Released
• 2014.06 [toolswatch] [New Tool] Shellter v1.0 A Dynamic ShellCode Injector – Released
• 2013.06 [debasish] Injecting Shellcode into a Portable Executable(PE) using Python
• 2013.05 [trustedsec] Native PowerShell x86 Shellcode Injection on 64-bit Platforms
• 2013.05 [pediy] [原创]内核ShellCode注入的一种方法
• 2012.10 [hackingarticles] Cymothoa – Runtime shellcode injection Backdoors
• 2012.09 [hackingarticles] PyInjector Shellcode Injection attack on Remote PC using Social Engineering Toolkit
• 2012.08 [trustedsec] New tool PyInjector Released – Python Shellcode Injection
• 2011.07 [firebitsbr] Syringe utility provides ability to inject shellcode into processes
• 2007.01 [pediy] 《The Shellcoder's handbook》第十四章_故障注入
• 2006.02 [pediy] [原创]ShellCode的另外一种玩法(远程线程注入ShellCode)

执行

工具

• [77星][2m] [C] dimopouloselias/simpleshellcodeinjector receives as an argument a shellcode in hex and executes it

文章

• 2019.09 [4hou] Windows shellcode执行技术入门指南
• 2019.07 [contextis] A Beginner’s Guide to Windows Shellcode Execution Techniques
• 2019.03 [countercept] Dynamic Shellcode Execution
• 2019.03 [countercept] Dynamic Shellcode Execution
• 2019.01 [t00ls] 投稿文章：Bypass Applocker + 免杀执行任意 shellcode [ csc + installUtil ]
• 2017.09 [] ShellCode执行代码iptables -P INPUT ACCEPT
• 2017.04 [osandamalith] 使Windows Loader直接执行ShellCode，IDA载入文件时崩溃，而且绕过大多数杀软。
• 2017.01 [360] 利用原生Windows函数执行shellcode
• 2016.12 [evi1cg] Office Shellcode Execution
• 2016.10 [qq] 宏病毒利用EnumDateFormats执行Shellcode创建傀进程绕杀软
• 2016.08 [360] CallWindowProc被宏病毒利用来执行Shellcode
• 2016.06 [modexp] Shellcode: Execute command for x32/x64 Linux / Windows / BSD
• 2016.03 [modexp] Shellcodes: Executing Windows and Linux Shellcodes
• 2015.08 [doyler] Executing Shellcode with Python
• 2014.11 [BSidesCHS] BSidesCHS 2013 - Session 02 - Java Shellcode Execution
• 2014.07 [pediy] [原创]从内核在WOW64进程中执行用户态shellcode
• 2014.03 [sevagas] Hide meterpreter shellcode in executable
• 2013.08 [freebuf] 利用vbs优雅的执行shellcode
• 2013.02 [y0nd13] HunnyBunny: Execute any shellcode on the
• 2012.04 [debasish] Execute ShellCode Using Python
• 2010.12 [riusksk] Shellcode分段执行技术原理
• 2009.02 [pediy] [原创]从执行流程看shellcode（一）[附源代码]
• 2008.12 [pediy] [求助]第五章的通用shellcode在password.txt中始终无法正常执行令我好生头痛

工具

• [353星][6y] [C] inquisb/shellcodeexec 在内存中执行opcode序列
• [258星][1m] [C++] clinicallyinane/shellcode_launcher Shellcode launcher utility
• [235星][4y] [Py] pyana/pyana 使用Unicorn框架模拟执行Shellcode(Windows)
• [229星][2m] [Go] brimstone/go-shellcode Load shellcode into a new process
• [153星][9m] [Assembly] peterferrie/win-exec-calc-shellcode 执行calc.exe的Shellcode (x86/x64, 所有版本/SPs)
• [148星][6m] [Pascal] coldzer0/cmulator ( x86 - x64 ) Scriptable Reverse Engineering Sandbox Emulator for shellcode and PE binaries . Based on Unicorn & Zydis Engine & javascript
• [129星][3y] [PS] arno0x/dnsdelivery delivery and in memory execution of shellcode or .Net assembly using DNS requests delivery channel.
• [122星][3y] [C#] zerosum0x0/runshellcode .NET GUI program that runs shellcode
• [97星][6m] [PS] rvrsh3ll/cplresourcerunner Run shellcode from resource
• [91星][11m] [C] fireeye/flare-kscldr 内核中加载Shellcode: 实例、方法与工具
• [73星][6y] enigma0x3/powershell-payload-excel-delivery Uses Invoke-Shellcode to execute a payload and persist on the system.
• [64星][1y] [C] emptymonkey/drinkme 从 stdin 读取 ShellCode 并执行。用于部署 ShellCode 之前测试
• [57星][3y] [C] zerosum0x0/shellcodedriver Windows driver to execute arbitrary usermode code (essentially same vulnerability as capcom.sys)
• [55星][2y] [C++] sisoma2/shellcodeloader Small tool to load shellcodes or PEs to analyze them
• [42星][1y] [C++] userexistserror/dllloadershellcode Shellcode to load an appended Dll
• [34星][3y] [Py] n1nj4sec/pymemimporter import pyd or execute PE all from memory using only pure python code and some shellcode tricks
• [26星][3y] [Ruby] eik00d/reverse_dns_shellcode Revrese DNS payload for Metasploit: Download Exec x86 shellcode. Also DNS Handler and VBS bot (alsow working over DNS) as PoC included.
• [23星][1m] [Py] thomaskeck/pyshellcode Execute ShellCode / "Inline-Assembler" in Python
• [18星][3y] [Py] 0xyg3n/mem64 Run Any Native PE file as a memory ONLY Payload , most likely as a shellcode using hta attack vector which interacts with Powershell.
• [15星][3y] [C++] naxalpha/shellcode-loader Shellcode Loader Engine for Windows
• [4星][2y] [C] samvartaka/triton_analysis Analysis of the TRITON/TRISIS/HatMan multi-stage PowerPC shellcode payload
• [2星][3m] [C] brimstone/shellload Load shellcode into a new process, optionally under a false name.

文章

• 2018.04 [4hou] 一个可以动态分析恶意软件的工具——Kernel Shellcode Loader
• 2018.04 [fireeye] 内核中加载Shellcode: 实例、方法与工具
• 2017.06 [pediy] [翻译]Windows内核ShellCode的动态加载和调试
• 2017.04 [360] 如何从猫咪图片中加载运行shellcode
• 2017.02 [modexp] Shellcode: Fido and how it resolves GetProcAddress and LoadLibraryA
• 2014.02 [govolution] Writing a download and exec shellcode

生成

工具

• [693星][1m] [C] thewover/donut 生成位置无关的shellcode（x86，x64或AMD64 + x86），该shellcode从内存中加载.NET程序集、PE文件和其他Windows有效负载，并使用参数运行它们
• [582星][2m] [Shell] r00t-3xp10it/venom shellcode 生成器、编译器、处理器(metasploit)
• [552星][8m] [C++] nytrorst/shellcodecompiler 将C/C ++样式代码编译成一个小的、与位置无关且无NULL的Shellcode，用于Windows（x86和x64）和Linux（x86和x64）
• [493星][1m] [Py] zdresearch/owasp-zsc Shellcode/混淆代码生成器
• [90星][3y] [C++] gdelugre/shell-factory C++-based shellcode builder
• [88星][2m] [Py] alexpark07/armscgen ARM Shellcode Generator
• [80星][3y] [Py] hatriot/shellme simple shellcode generator
• [63星][5y] [Py] veil-framework/veil-ordnance Veil-Ordnance is a tool designed to quickly generate MSF stager shellcode
• [40星][3y] [Py] karttoon/trigen Trigen is a Python script which uses different combinations of Win32 function calls in generated VBA to execute shellcode.
• [37星][3y] [C++] 3gstudent/shellcode-generater No inline asm,support x86/x64
• [33星][2y] [HTML] rh0dev/shellcode2asmjs Automatically generate ASM.JS JIT-Spray payloads
• [13星][4y] zdresearch/zcr-shellcoder-archive ZeroDay Cyber Research - ZCR Shellcoder Archive - z3r0d4y.com Shellcode Generator
• [13星][1m] [C++] hoodoer/enneos Evolutionary Neural Network Encoder of Shenanigans. Obfuscating shellcode with an encoder that uses genetic algorithms to evolve neural networks to contain and output the shellcode on demand.
• [10星][2m] [C#] clonemerge/shellgen Dynamic and extensible shell code generator with multiple output types which can be formatted in binary, hexadecimal, and the typical shellcode output standard.
• [4星][2y] [Shell] thepisode/linux-shellcode-generator Experiments on Linux Assembly shellcodes injection
• [1星][4m] [Py] ins1gn1a/woollymammoth Toolkit for manual buffer exploitation, which features a basic network socket fuzzer, offset pattern generator and detector, bad character identifier, shellcode carver, and a vanilla EIP exploiter

文章

• 2019.07 [aliyun] 生成可打印的shellcode
• 2019.07 [4hou] Shellcode生成工具Donut测试分析
• 2019.06 [3gstudent] Shellcode生成工具Donut测试分析
• 2018.12 [HackerSploit] Generating Shellcode With Msfvenom
• 2018.10 [pediy] [原创] 抛砖引玉之gcc生成可可携带字符串的shellcode
• 2018.06 [doyler] Execve Shellcode – Includes Arguments and Generator!
• 2018.03 [pediy] [原创]简陋的小工具:DWORD数组形式拷贝shellcode内容;裸函数生成
• 2018.02 [pentesttoolz] VENOM 1.0.15 – Metasploit Shellcode Generator/Compiler/Listener
• 2017.08 [zerosum0x0] 在线版 混淆字符串/Shellcode 生成器
• 2017.07 [pediy] [原创]开源ShellCode生成引擎
• 2017.07 [msreverseengineering] SynesthesiaYS 介绍
• 2017.05 [abatchy] ROT-N Shellcode Encoder/Generator (Linux x86)
• 2017.04 [360] 生成自己的Alphanumeric/Printable shellcode
• 2017.02 [4hou] Windows Shellcode学习笔记——通过VisualStudio生成shellcode
• 2017.01 [christophertruncer] Shellcode Generation, Manipulation, and Injection in Python 3
• 2017.01 [3gstudent] Windows Shellcode学习笔记——通过VisualStudio生成shellcode
• 2017.01 [3gstudent] Windows Shellcode学习笔记——通过VisualStudio生成shellcode
• 2016.02 [hackingarticles] Exploitation of Windows PC using Venom: Shellcode Generator
• 2016.02 [freebuf] 工具推荐：Shellsploit，ShellCode生成器
• 2016.01 [n0where] Shellcode Generator: Venom
• 2015.02 [govolution] Null Free Windows WinExec Shellcode & Tool for generating Payload
• 2014.04 [securityblog] How to generate shellcode from custom exe in metasploit
• 2012.05 [freebuf] phpcodegen-library[php生成shellcode函数库]
• 2007.11 [pediy] [原创]生成一个关于URLDownloadToFile的shellcode机器码

转换

工具

• [635星][4m] [PS] monoxgas/srdi Shellcode实现的反射DLL注入。将DLL转换为位置无关的Shellcode
• [407星][3m] [Assembly] hasherezade/pe_to_shellcode 将PE文件转换为Shellcode
• [79星][2y] [Py] blacknbunny/shellcode2assembly
• [49星][8m] [C] w1nds/dll2shellcode dll转shellcode工具
• [34星][5y] [C++] 5loyd/makecode Dll Convert to Shellcode.
• [18星][3y] [Py] after1990s/pe2shellcode pe2shellcode
• [12星][1m] [Py] davinci13/exe2shell Converts exe to shellcode.
• [10星][3y] [Perl] gnebbia/shellcoder Create shellcode from executable or assembly code
• [5星][10m] [C++] giantbranch/convert-c-javascript-shellcode C与javascript格式的shellcode相互转换小工具
• [2星][7y] [C] hamza-megahed/binary2shellcode binary to shellcode converter
• [0星][6y] [Py] yatebyalubaluniyat/rawshellcode2exe converts raw shellcode to exe

文章

• 2017.11 [pediy] [原创]【Python】使用Python将Shellcode转换成汇编
• 2017.11 [freebuf] 如何把shellcode转换成exe文件分析
• 2015.12 [hexacorn] Converting Shellcode to Portable Executable (32- and 64- bit)

分析

漏洞

工具

• [203星][2y] [Py] rootlabs/smap Handy tool for shellcode analysis
• [166星][2y] [C] oalabs/blobrunner Quickly debug shellcode extracted during malware analysis
• [39星][4y] [Py] dungtv543/dutas Analysis PE file or Shellcode
• [38星][5y] [C++] adamkramer/jmp2it Transfer EIP control to shellcode during malware analysis investigation
• [11星][5y] [Py] debasishm89/qhook qHooK is very simple python script (dependent on pydbg) which hooks user defined Win32 APIs in any process and monitor then while process is running and at last prepare a CSV report with various interesting information which can help reverse engineer to track down / analyse unknown exploit samples / shellcode.

文章

• 2019.10 [sentinelone] Building A Custom Tool For Shellcode Analysis
• 2019.04 [freebuf] Xori：一款针对PE32和Shellcode的自动化反编译与静态分析库
• 2019.03 [sans] "VelvetSweatshop" Maldocs: Shellcode Analysis
• 2019.01 [360] 对某HWP漏洞样本的shellcode分析
• 2018.10 [MSbluehat] BlueHat v18 || Linear time shellcode detection using state machines and operand analysis on the runtime
• 2018.09 [ironcastle] Analyzing Encoded Shellcode with scdbg, (Mon, Sep 24th)
• 2018.09 [sans] Analyzing Encoded Shellcode with scdbg
• 2018.09 [dist67] Using scdbg to analyze shellcode
• 2018.09 [ironcastle] Video: Using scdbg to analyze shellcode, (Sat, Sep 8th)
• 2018.09 [sans] Another quickie: Using scdbg to analyze shellcode
• 2018.08 [doyler] Metasploit Shellcode Analysis – read_file via ndisasm (SLAE Exam #5.1)
• 2018.06 [nao] Analyzing Shellcode of GrandSoft's CVE-2018-8174
• 2018.05 [pediy] [原创]od逆向分析栈溢出shellcode
• 2018.02 [sans] Analyzing compressed shellcode
• 2017.07 [360] EternalBlue Shellcode详细分析
• 2017.05 [360] NSA武器库：DoublePulsar初始SMB后门shellcode分析
• 2017.04 [zerosum0x0] NSA武器库：DoublePulsar初始SMB后门shellcode分析
• 2017.03 [cysinfo] Episode 3 – Shellcode Analysis with APITracker
• 2016.12 [360] 恶意文档分析：从宏指令到Shellcode
• 2016.11 [dist67] Hancitor Maldoc: Shellcode Dynamic Analysis
• 2016.02 [miasm] Dynamic shellcode analysis
• 2016.01 [freebuf] Shellcode分析工具PyAna
• 2015.07 [tencent] Hacking Team Mac OSX 64位 Shellcode 技术分析
• 2015.07 [riusksk] Hacking Team 武器库研究（五）：Mac OSX 64位 Shellcode 技术分析
• 2015.06 [pediy] [原创]格盘的shellcode分析
• 2015.02 [pediy] [原创]解析coff文件之提取shellcode代码
• 2015.01 [checkpoint] Diving into a Silverlight Exploit and Shellcode – Analysis and Techniques | Check Point Software Blog
• 2014.12 [sans] Analyzing Shellcode Extracted from Malicious RTF Documents
• 2014.12 [jowto] 某EXCEL漏洞样本shellcode分析
• 2014.12 [thembits] RIG Exploit Kit - Shellcode analysis
• 2014.09 [radare] Adventures with Radare2 #1: A Simple Shellcode Analysis
• 2014.09 [radare] Adventures with Radare2 #1: A Simple Shellcode Analysis
• 2014.07 [pediy] [原创]一段 shellcode 代码的分析
• 2014.01 [govolution] SLAE Assignment 5: Shellcode Analysis
• 2011.11 [pediy] [原创]简单Shellcode的详细分析
• 2011.09 [beistlab] 한글 제로데이 쉘코드 간략 분석 (Quick analyzing HanGul 0day shellcode)
• 2011.03 [pediy] [原创]POC分析助手-ShellcodeDumper
• 2011.03 [pediy] [原创]一个word溢出样本的shellcode分析
• 2010.09 [pediy] [原创]CVE-2006-2389漏洞shellcode解析
• 2010.09 [pediy] [原创]CVE-2010-1297漏洞shellcode简析
• 2010.06 [forcepoint] Crypto-Analysis in Shellcode Detection
• 2010.01 [hexblog] PDF file loader to extract and analyse shellcode
• 2009.10 [pediy] [原创]windows下的shellcode剖析浅谈
• 2009.06 [microsoft] Shellcode Analysis via MSEC Debugger Extensions
• 2009.03 [alienvault] Ossim: Shellcode Detection and Analysis
• 2008.10 [pediy] [原创]一个word溢出样本ShellCode的分析
• 2008.09 [sans] Static analysis of Shellcode - Part 2
• 2008.09 [sans] Static analysis of Shellcode
• 2008.06 [pediy] [原创]flash漏洞所用shellcode的分析
• 2007.12 [pediy] [技术专题]软件漏洞分析入门_6_初级shellcode_定位缓冲区
• 2007.06 [pediy] [原创]一份shellcode的详细分析
• 2007.04 [msreverseengineering] Shellcode Analysis
• 2006.11 [pediy] [原创]用softice对doc捆绑木马或exe文件的程序的shellcode分析

BypassXxx

AV

工具

• [322星][1m] [C#] hackplayers/salsa-tools ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP/Shellcode/SILENTTRINITY and AV bypass, AMSI patched
• [195星][1y] [Py] mr-un1k0d3r/unibyav a simple obfuscator that take raw shellcode and generate executable that are Anti-Virus friendly.
• [177星][3y] [Py] arno0x/shellcodewrapper 支持多种语言的Shellcode包装器，支持编码/加密。可用于绕过杀软
• [84星][2y] [C] hvqzao/foolavc foolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV
• [78星][1m] [Py] k8gege/scrun BypassAV ShellCode Loader (Cobaltstrike/Metasploit)

文章

• 2020.03 [freebuf] 远控免杀从入门到实践（8）-shellcode免杀实践
• 2020.02 [aliyun] 那些shellcode免杀总结
• 2019.12 [aliyun] shellcode加密过杀软
• 2019.05 [4hou] 绕过杀软：通过网络接收ShellCode的无文件攻击方式与检测方法
• 2017.08 [modexp] 使用名为 Maru 的哈希函数创建permutable API hash，逃避杀软检测
• 2017.03 [4hou] 免杀的艺术：史上最全的汇编Shellcode的技巧（三）
• 2017.03 [pentest] 反检测的艺术（Part 3：Shellcode Alchemy）
• 2015.09 [] 使用shellcode打造MSF免杀payload
• 2013.08 [] encode msf shellcode绕过杀毒

工具

• [262星][2y] [Py] cryptolok/morphaes 多态shellcode引擎，具有变态特性并能够绕过沙箱，绕过IDPS检测
• [226星][7m] [Py] infosecn1nja/maliciousmacromsbuild 生成恶意宏，通过MSBuild执行PowerShell或Shellcode，绕过白名单
• [159星][3m] [Py] rvn0xsy/cooolis-ms Cooolis-ms is a server that supports the Metasploit Framework RPC. It is used to work with the Shellcode and PE loader. To some extent, it bypasses the static killing of anti-virus software, and allows the Cooolis-ms server to communicate with the Metasploit server. Separation.
• [154星][2m] [C#] fireeye/duedlligence Shellcode runner for all application whitelisting bypasses
• [3星][2y] [Py] manojcode/foxit-reader-rce-with-virualalloc-and-shellcode-for-cve-2018-9948-and-cve-2018-9958 Foxit Reader version 9.0.1.1049 Use After Free with ASLR and DEP bypass on heap

文章

• 2019.11 [freebuf] 红蓝对抗之如何利用Shellcode来躲避安全检测
• 2019.03 [360] 如何利用OOB数据绕过防火墙对shellcode的拦截
• 2018.07 [pediy] [翻译]English Shellcode - 散文化Shellcode - 绕过对有效载荷的静态检测的思路
• 2017.08 [pediy] [原创][原创]给shellcode找块福地－ 通过VDSO绕过PXN
• 2017.04 [4hou] Windows Shellcode学习笔记——利用VirtualAlloc绕过DEP
• 2017.03 [4hou] Windows Shellcode学习笔记——通过VirtualProtect绕过DEP
• 2017.03 [3gstudent] Windows Shellcode学习笔记——利用VirtualAlloc绕过DEP
• 2017.03 [3gstudent] Windows Shellcode学习笔记——利用VirtualAlloc绕过DEP
• 2017.03 [3gstudent] Windows Shellcode学习笔记——通过VirtualProtect绕过DEP
• 2017.03 [3gstudent] Windows Shellcode学习笔记——通过VirtualProtect绕过DEP
• 2012.08 [pediy] [原创]一种反检测的Shellcode GetPC方法Flush GetPC
• 2011.12 [greyhathacker] Bypassing EMET’s EAF with custom shellcode using kernel pointer

ARM

工具

• [180星][3m] [C] odzhan/shellcode 针对Windows/Linux/BSD的Shellcode
• [41星][1y] [Assembly] therealsaumil/arm_shellcode Make ARM Shellcode Great Again

文章

• 2019.06 [hitbsecconf] #HITB2019AMS D1T1 - Make ARM Shellcode Great Again - Saumil Shah
• 2019.04 [X0x0FFB347] Shellcode for IoT: A Password-Protected Reverse Shell (Linux/ARM)
• 2019.02 [senr] Why is My Perfectly Good Shellcode Not Working?: Cache Coherency on MIPS and ARM
• 2018.10 [Cooper] Hack.lu 2018: Make ARM Shellcode Great Again - Saumil Udayan Shah
• 2018.02 [modexp] ARM 汇编初学者指南
• 2017.09 [modexp] Shellcode: Linux ARM (AArch64)
• 2017.09 [modexp] Shellcode: Linux ARM Thumb mode
• 2016.08 [arxiv] [1608.03415] ARMv8 Shellcodes from 'A' to 'Z'
• 2015.07 [osandamalith] Getting Shellcode from ARM Binaries

其他

工具

收集

• [981星][1m] [Py] nullsecuritynet/tools 收集：安全工具、Exp、PoC、Shellcode、脚本

新添加

• [179星][2y] [PS] mattifestation/pic_bindshell Position Independent Windows Shellcode Written in C
• [156星][3y] [Py] secretsquirrel/fido Teaching old shellcode new tricks
• [155星][4y] [C] ixty/xarch_shellcode Cross Architecture Shellcode in C
• [148星][4y] [Py] kgretzky/python-x86-obfuscator This is a WIP tool that performs shellcode obfuscation in x86 instruction set.
• [129星][4y] [Assembly] osirislab/shellcode a repository of Shellcode written by students in NYU-Polytechnic's ISIS lab.
• [124星][6y] tombkeeper/shellcode_template_in_c
• [115星][5y] [C] mariovilas/shellcode_tools Miscellaneous tools written in Python, mostly centered around shellcodes.
• [76星][2y] [Assembly] zznop/pop-nedry x86-64 Windows shellcode that recreates the Jurassic Park hacking scene (Ah, ah, ah... you didn't' say the magic word!)
• [66星][4y] [Assembly] scorchsecurity/systorm NASM Standard Library for shellcode
• [60星][1m] [Py] ohjeongwook/shellcodeemulator Shellcode emulator written with Unicorn
• [60星][2m] [VBScript] djhohnstein/scatterbrain Suite of Shellcode Running Utilities
• [59星][4y] [C] k2/admmutate Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others
• [57星][3m] [C] buffer/libemu x86 emulation and shellcode detection
• [56星][6y] [C] devzero2000/shellcoderhandbook shellcoderhandbook source code : "The Shellcoder's Handbook: Discovering and Exploiting Security Holes"
• [49星][4y] [Assembly] t00sh/assembly Collection of Linux shellcodes
• [44星][3y] [C] p0cl4bs/shellcodes
• [44星][1m] [Py] offsecginger/pythonaesobfuscate Obfuscates a Python Script and the accompanying Shellcode.
• [43星][8y] [C] hellman/shtest Simple shellcode testing tool.
• [39星][4y] [C] laginimaineb/waroftheworlds QSEE Shellcode to directly hijack the "Normal World" Linux Kernel
• [38星][5m] [Py] desword/shellcode_tools Useful tools for writing shellcode
• [38星][4y] [Assembly] sh3llc0d3r1337/windows_reverse_shell_1 Windows Reverse Shell shellcode
• [36星][3y] [Assembly] mortenschenk/token-stealing-shellcode
• [34星][8m] [C] csandker/inmemoryshellcode A Collection of In-Memory Shellcode Execution Techniques for Windows
• [34星][2m] [Py] skybulk/bin2sc Binary to shellcode from an object/executable format 32 & 64-bit PE , ELF
• [33星][3y] [Py] mipu94/broids_unicorn simple plugin to detect shellcode on Bro IDS with Unicorn
• [27星][7y] [C] hacksysteam/shellcodeofdeath Shellcode Of Death
• [26星][2y] [C] embedi/tcl_shellcode A template project for creating a shellcode for the Cisco IOS in the C language
• [26星][5m] [C] ufrisk/shellcode64 A minimal tool to extract shellcode from 64-bit PE binaries.
• [25星][3y] [C] osandamalith/shellcodes My Shellcode Archive
• [25星][5y] [C++] rootkitsmm/winio-vidix Exploit WinIo - Vidix and Run Shellcode in Windows Kerne ( local Privilege escalation )
• [24星][5y] [C#] tophertimzen/shellcodetester GUI Application in C# to run and disassemble shellcode
• [23星][5y] [Assembly] zerosum0x0/slae64 x64 Linux Shellcode
• [23星][3m] [Py] zerosteiner/crimson-forge Sustainable shellcode evasion
• [21星][4y] [Visual Basic .NET] osandamalith/vbshellcode Making shellcode UD -
• [20星][2y] [Py] danielhenrymantilla/shellcode-factory Tool to create and test shellcodes from custom assembly sources (with some encoding options)
• [20星][5m] [Assembly] pinkp4nther/shellcodes I'll post my custom shellcode I make here!
• [20星][1y] [C] m0rv4i/ridgway A quick tool for hiding a new process running shellcode.
• [19星][4y] [Assembly] bruce30262/x86_shellcode_tutorial A training course for BambooFox
• [17星][2y] [Py] hamza-megahed/pentest-with-shellcode Penetration testing with shellcode codes
• [15星][1m] [C] compilepeace/kaal_bhairav an ELF (ET_EXEC and ET_DYN) infector that infects system binaries with custom shellcode
• [15星][2y] [Py] nullarray/shellware Persistent bind shell via pythonic shellcode execution, and registry tampering.
• [11星][8m] [Assembly] egebalci/selfdefense Several self-defense shellcodes
• [10星][2y] [Py] 1project/scanr Detect x86 shellcode in files and traffic.
• [10星][3m] [C] hc0d3r/scdump shellcode dumper
• [9星][11m] [C] eahlstrom/ucui-unicorn ncurses shellcode/instructions tester using unicorn-engine
• [8星][3y] [Py] breaktoprotect/shellcarver 使用限制字符集在内存雕刻（Carve ） shellcode。手动版的 msfvenom -b
• [8星][5y] hoainam1989/shellcode Tut for making Linux Shellcode
• [7星][3y] [Assembly] mortenschenk/acl_edit Assembly code to use for Windows kernel shellcode to edit winlogon.exe ACL
• [7星][11m] [C] lnslbrty/bufflow A collection of security related code examples e.g. a buffer overflow including an exploit, crypters, shellcodes and more.
• [6星][3y] [C] degrigis/exploitation Repo for various exploitation utilities/PoC/Shellcodes/CTF solutions
• [6星][11m] [Assembly] govolution/win32shellcode
• [4星][4y] [Assembly] theevilbit/shellcode Some random shellcodes I created
• [2星][5y] [Assembly] govolution/moreshellcode
• [2星][2y] hamza-megahed/shellcode Linux/x86 Shellcodes
• [1星][2y] orf53975/rig-exploit-for-cve-2018-8174 Rig Exploit for CVE-2018-8174 As with its previous campaigns, Rig’s Seamless campaign uses malvertising. In this case, the malvertisements have a hidden iframe that redirects victims to Rig’s landing page, which includes an exploit for CVE-2018-8174 and shellcode. This enables remote code execution of the shellcode obfuscated in the landing page…
• [1星][3y] [Ruby] shayanzare/obj2shellcode Objdump to ShellCode
• [1星][6y] [Assembly] stephenbradshaw/shellcode Various shell code I have written
• [1星][6m] [Assembly] push4d/shellcode-alfanumerico---spawn-bin-sh-elf-x86- PoC Shellcode alfanumerico (Solo numeros y letras (mayúsculas y minúsculas)) para invocar un /bin/sh, ELF x86
• [1星][10y] [Assembly] skylined/w32-bind-ngs-shellcode Automatically exported from code.google.com/p/w32-bind-ngs-shellcode
• [0星][2y] [Assembly] felixzhang00/shellcode_example
• [0星][2y] [Py] orangepirate/cve-2018-9948-9958-exp a exp for cve-2018-9948/9958 , current shellcode called win-calc
• [0星][5y] [C] quantumvm/forkshellcode Runs and executable and forks shellcode.
• [0星][4y] [Makefile] sh3llc0d3r1337/slae32-polymorphic-shellcodes SLAE32 Assignment #6 - Polymorphic shellcodes
• [0星][5y] [Py] wjlandryiii/shellcode my shellcode

其他

• [2425星][2y] [Py] secretsquirrel/the-backdoor-factory 为PE, ELF, Mach-O二进制文件添加Shellcode后门
• [2209星][1m] [Py] trustedsec/unicorn 通过PowerShell降级攻击, 直接将Shellcode注入到内存
• [664星][1y] [Rust] endgameinc/xori 自动化反汇编、静态分析库，适用于PE32, 32+ 和shellcode
• [470星][3y] [Py] trustedsec/meterssh 将Shellcode注入内存，然后通过SSH隧道传输（端口任选，并伪装成普通SSH连接）
• [430星][2m] [C] hasherezade/hollows_hunter Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
• [225星][1m] [PS] outflanknl/excel4-dcom PowerShell和Cobalt Strike脚本，通过DCOM执行Excel4.0/XLM宏实现横向渗透（直接向Excel.exe注入Shellcode）

文章

新添加

• 2020.02 [3gstudent] 通过Mono(跨平台.NET运行环境)执行shellcode
• 2020.02 [3gstudent] 通过Boolang语言执行shellcode的利用分析
• 2019.12 [johnlatwc] Early Security Stories — Green Shellcode Contest
• 2019.11 [aliyun] shellcode 的艺术
• 2019.08 [osandamalith] Running Shellcode Directly in C
• 2019.08 [code610] ret2shellcode challenge
• 2019.08 [sentinelone] Malicious Input: How Hackers Use Shellcode
• 2019.07 [pcsxcetrasupport3] Those Pesky Powershell Shellcode’s And How To Understand Them
• 2019.07 [gironsec] A Shellcode Idea
• 2019.06 [gironsec] Expiring Shellcode update
• 2019.05 [X0x0FFB347] Solving MalwareTech Shellcode challenges with some radare2 magic!
• 2019.05 [osandamalith] Shellcode to Dump the Lsass Process
• 2019.03 [vkremez] Let's Learn: Dissecting Operation ShadowHammer Shellcode Internals in crt_ExitProcess
• 2019.03 [X0x0FFB347] A Trinity of Shellcode, AES & Go
• 2019.03 [BorjaMerino] One-Way Shellcode for firewall evasion using Out Of Band data
• 2019.03 [shelliscoming] One-Way Shellcode for firewall evasion using Out Of Band data
• 2019.03 [pcsxcetrasupport3] A look at a bmp file with embedded shellcode
• 2019.01 [fuzzysecurity] FreeFloat FTP (custom shellcode)
• 2019.01 [fuzzysecurity] Windows XP PRO SP3 - Full ROP calc shellcode
• 2019.01 [micropoor] Micropoor_shellcode for payload backdoor
• 2019.01 [ironcastle] Maldoc with Nonfunctional Shellcode, (Wed, Jan 2nd)
• 2019.01 [sans] Maldoc with Nonfunctional Shellcode
• 2018.11 [MalwareTech] Beginner Reversing #3 (Shellcode2 & Lab Overview)
• 2018.10 [MalwareTech] Beginner Reversing #2 (Shellcode1 & MEMZ Malware)
• 2018.10 [doyler] Custom Shellcode Crypter – SLAE Exam Assignment #7
• 2018.09 [doyler] Polymorphic Shellcode – SLAE Exam Assignment #6
• 2018.09 [malwarenailed] Reversing shellcode using blobrunner and Olly
• 2018.08 [secist] MMFML-powershell-shellcode
• 2018.08 [doyler] Shellcode Encoding – Random Bytewise XOR (SLAE Exam #4)
• 2018.08 [nightst0rm] Tản mạn về edit shellcode của metasploit
• 2018.08 [trendmicro] Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode
• 2018.08 [doyler] Egg Hunter Shellcode – SLAE Exam Assignment #3
• 2018.07 [doyler] Shell Reverse TCP Shellcode – SLAE Exam Assignment #2
• 2018.07 [doyler] Shell Bind TCP Shellcode – SLAE Exam Assignment #1
• 2018.06 [pediy] [原创]windows下shellcode提取模板的实现
• 2018.06 [doyler] Hello World Shellcode – Now for the fun part!
• 2018.06 [shelliscoming] Windows reuse shellcode based on socket's lifetime
• 2018.05 [aliyun] 溢出过程需要的shellcode测试
• 2018.05 [pentestingexperts] smap: Shellcode mapper
• 2018.05 [rapid7] 隐藏Metasploit Shellcode, 躲避Windows Defender检测
• 2018.04 [sploitspren] Linux x86 Polymorphic Shellcode
• 2018.04 [sploitspren] Linux x86 Polymorphic Shellcode
• 2018.04 [venus] Cisco ios shellcode: all-in-one译文
• 2018.04 [aliyun] Coding art in shellcode（3）
• 2018.04 [aliyun] Coding art in shellcode（2）
• 2018.04 [aliyun] Coding art in shellcode（1）
• 2018.02 [360] Windows(x86与x64) Shellcode技术研究
• 2018.01 [trackwatch] Improving custom shellcode detection
• 2017.12 [OALabs] Debugging shellcode using BlobRunner and IDA Pro
• 2017.11 [360] Egg Hunting：一个非常短的shellcode
• 2017.11 [modexp] 可以当作推文发送的 x86 Windows 反向 Shell
• 2017.11 [trackwatch] [CODEBREAKER] Présentation de la détection des shellcodes encodés sur GATEWATCHER sur Windows Server 2008 R2 (Version 2.X minimum)
• 2017.11 [mediaservice] A patch for PowerSploit’s Invoke-Shellcode.ps1
• 2017.10 [freebuf] 用TEB结构实现ShellCode的通用性
• 2017.10 [trackwatch] [CODEBREAKER] Présentation de la détection des shellcodes encodés sur GATEWATCHER sur Linux (Version 2.X minimum)
• 2017.10 [trackwatch] [CODEBREAKER] Présentation de la détection des shellcodes custom non encodés sur GATEWATCHER sur Windows XP (Version 2.5 minimum)
• 2017.09 [aliyun] Shellcode另类使用方式
• 2017.08 [360] HITB GSEC CTF Win Pwn解题全记录之babyshellcode
• 2017.08 [venus] HITB GSEC CTF Win Pwn 解题全记录之 babyshellcode
• 2017.08 [360] 通过Shellcode聚类识别定向攻击（APT）相关的恶意代码
• 2017.08 [vkremez] Let's Learn: Preparing Shellcode in NASM
• 2017.08 [4hou] 教你如何使用分组密码对shellcode中的windows api字符串进行加密
• 2017.07 [ColinHardy] Extract Shellcode from Fileless Malware like a Pro
• 2017.06 [modexp] Shellcode: The hunt for GetProcAddress
• 2017.06 [nsfocus] 手把手简易实现shellcode及详解
• 2017.06 [pediy] [翻译]Shellcode:x86优化 part 1
• 2017.06 [modexp] Shellcode: x86 优化方案（part 1）。Part 1 包括4部分：变量/寄存器的声明和初始化、测试变量/寄存器的值、条件跳转和控制流、字符转换
• 2017.05 [secist] ShellCode入门（提取ShellCode）
• 2017.05 [secist] 任意程序添加ShellCode
• 2017.05 [abatchy] Linux/x86 - Disable ASLR Shellcode (71 bytes)
• 2017.04 [abatchy] Shellcode reduction tips (x86)
• 2017.03 [pediy] [原创][shellcode框架（一）] 认识shellcode，部署shellcode开放框架
• 2017.03 [360] 探索基于Windows 10的Windows内核Shellcode（Part 4）
• 2017.03 [improsec] Windows Kernel Shellcode on Windows 10 – Part 4 - There is No Code
• 2017.03 [360] 探索基于Windows 10的Windows内核Shellcode（Part 3）
• 2017.03 [360] 智能逃避IDS——RSA非对称多态SHELLCODE
• 2017.03 [4hou] Windows Shellcode学习笔记——Shellcode的提取与测试
• 2017.03 [improsec] Windows Kernel Shellcode on Windows 10 – Part 3
• 2017.03 [360] 探索基于Windows 10的Windows内核Shellcode（Part 2）
• 2017.03 [360] 探索基于Windows 10的Windows内核Shellcode（Part 1）
• 2017.03 [360] 反侦测的艺术part3：shellcode炼金术
• 2017.03 [4hou] Windows Shellcode学习笔记——栈溢出中对jmp esp的利用与优化
• 2017.03 [improsec] Windows Kernel Shellcode on Windows 10 – Part 2
• 2017.03 [4hou] Windows Shellcode学习笔记——shellcode在栈溢出中的利用与优化
• 2017.03 [3gstudent] Windows Shellcode学习笔记——栈溢出中对jmp esp的利用与优化
• 2017.03 [osandamalith] Shellcode to Scroll your Desktop Vertically and Horizontally
• 2017.03 [pediy] [原创]PE2Shellcode
• 2017.03 [3gstudent] Windows Shellcode学习笔记——栈溢出中对jmp esp的利用与优化
• 2017.02 [osandamalith] Shellcode to Scroll Your Desktop Horizontally
• 2017.02 [osandamalith] Shellcode to Invert Colors
• 2017.02 [improsec] Windows Kernel Shellcode on Windows 10 – Part 1
• 2017.02 [n0where] Shellcode Builder: Shell Factory
• 2017.02 [3gstudent] Windows Shellcode学习笔记——shellcode在栈溢出中的利用与优化
• 2017.02 [3gstudent] Windows Shellcode学习笔记——shellcode在栈溢出中的利用与优化
• 2017.02 [csyssec] X86 Shellcode代码混淆(一)
• 2017.02 [modexp] Shellcode: Dual Mode (x86 + amd64) Linux shellcode
• 2017.02 [3gstudent] Windows Shellcode学习笔记——shellcode的提取与测试
• 2017.02 [3gstudent] Windows Shellcode学习笔记——shellcode的提取与测试
• 2017.01 [modexp] Shellcode: Dual mode PIC for x86 (Reverse and Bind Shells for Windows)
• 2017.01 [modexp] Shellcode: Solaris x86
• 2017.01 [modexp] Shellcode: Mac OSX amd64
• 2017.01 [modexp] Shellcode: Resolving API addresses in memory
• 2017.01 [360] 远程漏洞利用：无需借助套接字的Shellcode
• 2016.12 [360] NC后门技术（shellcode版）
• 2016.12 [modexp] Shellcode: A Windows PIC using RSA-2048 key exchange, AES-256, SHA-3
• 2016.12 [360] 使用PLC作为payload/shellcode分发系统（含演示视频）
• 2016.12 [hexacorn] Shellcode. I’ll Call you back.
• 2016.12 [shelliscoming] Modbus Stager: Using PLCs as a payload/shellcode distribution system
• 2016.12 [venus] Shellcode Compiler - 一款易用的 Shellcode 编译工具
• 2016.11 [dist67] VBA Shellcode To Test EMET
• 2016.11 [sans] VBA Shellcode and EMET
• 2016.11 [msreverseengineering] Synesthesia: Modern Shellcode Synthesis (Ekoparty 2016 Talk)
• 2016.10 [360] 浅谈ASLR和Shellcode的那些事儿
• 2016.09 [dist67] Maldoc VBA: Shellcode
• 2016.09 [3gstudent] Study Notes Weekly No.2(Shellcode Via JScript & VBScript)
• 2016.09 [3gstudent] Study Notes Weekly No.2(Shellcode Via JScript & VBScript)
• 2016.08 [paloaltonetworks] VB Dropper and Shellcode for Hancitor Reveal New Techniques Behi
• 2016.08 [uaf] openCTF 2016 - tyro_shellcode2
• 2016.08 [uaf] openCTF 2016 - tyro_shellcode
• 2016.08 [osandamalith] Making your Shellcode Undetectable using .NET
• 2016.07 [sizzop] Kernel Hacking With HEVD Part 3 - The Shellcode
• 2016.06 [breakdev] X86 Shellcode Obfuscation - Part 3
• 2016.06 [paraschetal] Gracker level7 (Ghost in the Shellcode!)
• 2016.06 [mcafee] Threat Actors Employ COM Technology in Shellcode to Evade Detection
• 2016.06 [mcafee] Threat Actors Employ COM Technology in Shellcode to Evade Detection
• 2016.06 [modexp] Shellcode: Detection between Windows/Linux/BSD on x86 architecture
• 2016.05 [angelalonso] Malicious Excel documents with macros running shellcodes
• 2016.05 [hackingarticles] Hack Remote Windows 10 PC using Cypher (Adding Shellcode to PE files)
• 2016.05 [breakdev] X86 Shellcode Obfuscation - Part 2
• 2016.05 [breakdev] X86 Shellcode Obfuscation - Part 1
• 2016.04 [paraschetal] OWASP ZCR Shellcoder
• 2016.04 [modexp] Shellcode: FreeBSD / OpenBSD amd64
• 2016.03 [modexp] Shellcode: Linux amd64
• 2016.02 [ZeroNights] George Nosenko — Cisco IOS shellcode — all-in-one
• 2016.02 [freebuf] OWASP ZSC Shellcoder：定制个人专属Shellcode
• 2015.11 [pediy] [原创]我也发一个自己写的reverse_bind shellcode代码
• 2015.11 [autohacker] Android Shellcode Telnetd with Parameters
• 2015.09 [ly0n] Windows bind shell universal shellcode
• 2015.09 [ly0n] Windows bind shell universal shellcode
• 2015.09 [theevilbit] Creating OSX shellcodes
• 2015.09 [bigendiansmalls] Bind Shell – shellcode and source
• 2015.08 [ly0n] Windows reverse shell universal shellcode
• 2015.08 [ly0n] Windows reverse shell universal shellcode
• 2015.08 [ly0n] WinExec calc.exe universal shellcode
• 2015.08 [ly0n] WinExec calc.exe universal shellcode
• 2015.08 [n0where] OWASP ZeroDay Cyber Research Shellcoder
• 2015.07 [bigendiansmalls] Shellcode Freebie!
• 2015.07 [bigendiansmalls] Mainframe shellcode
• 2015.06 [sans] Detecting Shellcode Hidden in Malicious Files
• 2015.06 [tophertimzen] Shellcode Techniques in C++
• 2015.04 [govolution] Shifting from 32bit to 64bit Linux Shellcode
• 2015.04 [govolution] Dumping shellcode 64bit style
• 2015.04 [tophertimzen] Shellcode in .NET - How the PEB Changes
• 2015.03 [osandamalith] Running Shellcode in your Raspberry Pi
• 2014.12 [sans] Examining Shellcode in a Debugger through Control of the Instruction Pointer
• 2014.12 [zerosum0x0] x64 Egg-Hunter Shellcode Stager
• 2014.12 [zerosum0x0] x64 Linux Polymorphic execve() shellcode
• 2014.12 [zerosum0x0] x64 Shellcode One-Time Pad Crypter
• 2014.12 [zerosum0x0] x64 Linux Polymorphic forkbomb shellcode
• 2014.12 [zerosum0x0] x64 Linux Polymorphic read file shellcode
• 2014.12 [zerosum0x0] x64 Linux reverse TCP connect shellcode (75 to 83 bytes, 88 to 96 with password)
• 2014.12 [zerosum0x0] x64 Linux bind TCP port shellcode (80 bytes, 95 with password)
• 2014.12 [nebelwelt] Ghost in the Shellcode Teaser 2015: Lost To Time
• 2014.12 [tophertimzen] Windows x64 shellcode编写指南
• 2014.11 [pediy] [原创]史上最小无需重定位的"格盘"ShellCode
• 2014.11 [sans] Guest Diary: Didier Stevens - Shellcode Detection with XORSearch
• 2014.10 [MarcusNiemietz] Svetlana Gaivoronski - Shellcode detection techniques
• 2014.09 [pediy] [原创]根据一个通用的shellcode 还原的一段汇编代码
• 2014.07 [govolution] Shellcode Binder for Windows 64 Bit
• 2014.07 [osandamalith] shutdown -h now Shellcode
• 2014.06 [osandamalith] Chmod 0777 Polymorphic Shellcode
• 2014.05 [parsiya] Pasting Shellcode in GDB using Python
• 2014.04 [skullsecurity] Ghost in the Shellcode: fuzzy (Pwnage 301)
• 2014.03 [] Two shellcodes and a bit of code
• 2014.03 [zairon] Obfuscated shellcode inside a malicious RTF document
• 2014.02 [freebuf] 用C语言进一步优化Windows Shellcode
• 2014.02 [rapid7] Shellcode Golf: Every Byte is Sacred
• 2014.02 [govolution] Shellcode for deleting a file
• 2014.01 [govolution] SLAE: Shellcode read and send file
• 2014.01 [skullsecurity] Ghost in the Shellcode: gitsmsg (Pwnage 299)
• 2014.01 [govolution] SLAE Assignment 6: Polymorphic Shellcode
• 2014.01 [skullsecurity] Ghost in the Shellcode: TI-1337 (Pwnable 100)
• 2014.01 [pediy] [原创]揭示《shellcoder's handbook》中一个函数的运行机制
• 2013.12 [pediy] [原创]shellcode 版的 hello world
• 2013.12 [anti] A Shellter for your shellcode…
• 2013.12 [pediy] [原创]旧书重温：0day2[5]shellcode变形记
• 2013.11 [infosec42] [Shellcode] MIPS Little Endian Reverse Shell Shellcode (Linux)
• 2013.08 [v0ids3curity] Stdin reopen & execve /bin/sh shellcode for Linux/x86_64
• 2013.07 [infosec42] [Shellcode] MIPS Little Endian system() Shellcode
• 2013.06 [pediy] [原创]分享用C语言写ShellCode的技术应用--拦截系统记事本工具的保存菜单
• 2013.06 [pediy] [原创]分享用C语言写ShellCode的实现源码
• 2013.06 [jumpespjump] One-liner to only get the shellcode from objdump
• 2013.04 [pediy] [原创]新人ShellCode小总结,附带一个讨论问题
• 2013.03 [techorganic] Binary to shellcode
• 2013.02 [v0ids3curity] Ghost In The Shellcode 2013 CTF - Pwnable 100 - Question 8 Shiftd [Team xbios]
• 2013.01 [pediy] [原创]MAsM ShellCode 宏框架使用手册 CHM
• 2012.11 [offensive] Fun with AIX Shellcode and Metasploit
• 2012.11 [cawanblog] Design and Implementation of Token Stealing Kernel Shellcode for Windows 8
• 2012.11 [cawanblog] How To Build A Kernel Shellcode Design and Testing Platform For Windows 8 By Using Windbg
• 2012.10 [pediy] [原创]ShellCodeToAscii
• 2012.08 [pediy] [原创] Shellcode In X64-3 Test Your Shellcode
• 2012.08 [pediy] [原创]Shellcode In X64-2Search Function using hash
• 2012.08 [pediy] [原创]Shellcode In X64-1Find Kernel32.dll
• 2012.08 [rsa] Network detection of x86 buffer overflow shellcode
• 2012.07 [magictong] ShellCode的调试方法和常见问题的解决方法
• 2012.05 [pediy] [原创] 也学构造字母shellcode
• 2012.05 [joxeankoret] Embedding a shellcode in a PE file
• 2012.03 [] 文件类漏洞ShellCode的查找
• 2012.03 [sans] Phishing with obfuscated javascript, shellcode and malware
• 2012.01 [] Linux/x86 Polymorphic ShellCode – setuid(0)+setgid(0)+add user ‘iph’ without password to /etc/passwd
• 2011.11 [pediy] [原创]我的第一次vc转shellcode历程
• 2011.10 [dist67] White Hat Shellcode Workshop: Enforcing Permanent DEP
• 2011.08 [pediy] [原创]OllyDgb下的shellcode提取插件
• 2011.06 [pediy] [求助]在shellcode中遇到疑惑的浮点指令
• 2011.04 [pediy] [原创]Dadong's JSXX 0.39 VIP所用shellcode调试
• 2011.03 [purehacking] The Shellcode Lab - Black Hat Training Course
• 2011.01 [travisgoodspeed] Generic CC1110 Sniffing, Shellcode, and iClickers
• 2010.12 [pediy] [原创]shellcode框架，纯属娱乐
• 2010.11 [e] Hiding Shellcode in Plain Sight
• 2010.09 [pediy] [原创]众里寻他千百度----文件类漏洞ShellCode的查找
• 2010.05 [pediy] [原创]纯字母shellcode揭秘
• 2010.04 [pediy] [原创]基于shellcode感染方式的组合病毒研究
• 2010.03 [skullsecurity] Weaponizing dnscat with shellcode and Metasploit
• 2009.06 [heelan] Morphing shellcode using CFGs and SAT
• 2009.05 [heelan] Not all shellcode locations are made equal
• 2009.03 [pediy] [分享]贴一个MessageBox的shellcode
• 2009.01 [pediy] [原创]改写前辈的shellcode（delphi版）
• 2008.12 [edge] Shellcode2Exe
• 2008.11 [pediy] [原创]汇编打造最简单的shellcode
• 2008.09 [pediy] [原创]ShellCode Locator for IDA 5.2
• 2008.07 [pediy] [翻譯]SHELLCODE 設計解密
• 2008.07 [pediy] [原创]32字节的退出进程Shellcode
• 2008.07 [pediy] [原创]word 漏洞利用shellcode代码反汇编
• 2008.06 [pediy] [作品提交]ShellCode辅助工具
• 2008.05 [pediy] [原创]快速高效的写shellcode
• 2008.02 [pediy] [原创]shellcode之小小琢磨
• 2007.08 [pediy] [原创]完全不懂shellcode解第二阶段第一题
• 2007.03 [pediy] 《The Shellcoder's handbook》第十九章_二进制审计：Hacking不公开源码的软件
• 2007.02 [pediy] 《The Shellcoder's handbook》第十八章_跟踪漏洞
• 2007.02 [pediy] [注意]《The Shellcoder's Handbook》中的笔误
• 2007.02 [pediy] 《The Shellcoder's handbook》第十七章_Instrumented Investigation:手工的方法
• 2007.02 [pediy] 《The Shellcoder's handbook》第十六章_源码审计：在C-Based 语言里寻找漏洞
• 2007.02 [pediy] 《The Shellcoder's handbook》第十五_Fuzzing的技巧
• 2007.01 [pediy] 《The Shellcoder's handbook》第十三章_建立工作环境
• 2007.01 [pediy] 《The Shellcoder's handbook》第十二章_破解HP Tru64 Unix
• 2007.01 [pediy] 《The Shellcoder's handbook》第十一章_高级 Solaris 破解
• 2007.01 [pediy] 《The Shellcoder's handbook》第十章_Solaris 破解入门
• 2006.12 [pediy] 《The Shellcoder's handbook》第九章_战胜过滤器
• 2006.12 [pediy] 《The Shellcoder's handbook》第八章_Windows 溢出
• 2006.12 [pediy] 来看看WINRAR溢出漏洞吧,写个SHELLCODE就可以捆绑程序[注意]
• 2006.12 [pediy] 《The Shellcoder's handbook》第七章_Windows Shellcode
• 2006.12 [pediy] 《The Shellcoder's handbook》翻译汇总及勘误
• 2006.12 [pediy] 《The Shellcoder's handbook》第六章_Windows的广阔原野
• 2006.11 [em386] Sysenter shellcode
• 2006.11 [pediy] 《The Shellcoder's handbook》第五章_堆溢出
• 2006.11 [pediy] 《The Shellcoder's handbook》第四章_格式化串漏洞
• 2006.11 [pediy] 《The Shellcoder's handbook》第三章_Shellcode
• 2006.10 [pediy] 《The Shellcoder's handbook》第二章_栈溢出
• 2006.10 [pediy] 《The Shellcoder's handbook》第一章_在开始之前
• 2006.10 [pediy] [原创]小议shellcoder
• 2006.04 [pediy] [原创]常用ShellCode Hash算法-Delphi内镶BASM
• 2005.01 [pediy] shellcode和我写的一个例子

贡献

内容为系统自动导出, 有任何问题请提issue