kleiton0x00/RemoteShellcodeExec kleiton0x00/RemoteShellcodeExec

  • Stars
    star
    215
  • Rank 178,001 (Top 4 %)
  • Language
    C
  • Created about 1 year ago
  • Updated 11 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
kleiton0x00/RemoteShellcodeExec
github

kleiton0x00

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Execute shellcode from a remote-hosted bin file using Winhttp.

RemoteShellcodeExec

A simple PoC of executing shellcode from a remote-hosted bin file using Winhttp. This is demo of the relevant blog post: Shellcodes are dead, long live fileless shellcodes.

TL;DR

  • Executing the shellcode from a remote-hosted server, will make the executable file itself drastically reduce it's entropy.
  • Implemented a simple heap encryption, to avoid the shellcode being visible
  • Profit (0/26 detections)

Demo

U8LjkcA.mp4

Credits

https://decoded.avast.io/threatintel/decoding-cobalt-strike-understanding-payloads/
https://twitter.com/teamcymru_S2/status/1604091964386705409
https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection

More Repositories

1

Advanced-SQL-Injection-Cheatsheet

A cheat sheet that contains advanced queries for SQL Injection of all types.
2,566
star
2

ppmap

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
Go
446
star
3

Proxy-DLL-Loads

A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
C
271
star
4

XSScope

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.
HTML
268
star
5

RedditC2

Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic look legit.
Python
250
star
6

Shelltropy

A technique of hiding malicious shellcode via Shannon encoding.
Assembly
240
star
7

CORS-one-liner

A one liner Bash command which finds CORS in every possible endpoint.
113
star
8

HTTP-Smuggling-Calculator

Perform TE.CL HTTP Request Smuggling attacks by crafting HTTP Request automatically.
Python
67
star
9

CRLF-one-liner

A simple Bash one liner with aim to automate CRLF vulnerability scanning.
65
star
10

Todesstern

A simple mutator engine which focuses on finding unknown classes of injection vulnerabilities
Python
41
star
11

kleiton0x00.github.io

SCSS
10
star
12

kleiton0x00

2
star