There are no reviews yet. Be the first to send feedback to the community and the maintainers!
CopyCat
Simple rapper for Mimikatz, bypass DefenderUpsilon
Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is usedCloneProcess
Clone running process with ZwCreateProcessZeta
Using "svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc" as triggerWinBoost
Execute Mimikatz with different techniqueCore
Core bypass Windows Defender and execute any binary converted to shellcodeHideCode
Hide code from dnSpy and other C# spying toolsCoreClass
Mimikatz embedded as classesWinSpoof
Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine codeNewShell
Reverse shell without Windows cmd.exe, using ReactOS cmd.dll as shellcodeSigma
Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadExwinNoise
Execute embedded MimikatzVBA-DLL-WMI-EXECUTION
Call your own DLL from VBA and execute code under process svchost.exe with WMIExecuteShellcodeWithSyscalls
Execute shellcode with syscalls from C# .dllCallBack
Execute Mimikatz in shellcode format, uses native API VirtualAlloc and EnumSystemGeoIDLoadDLLFromFileAndConvertToShellcode
Load DLL or EXE file and convert to shellcode at runtimezCore
Optimized version, Nt/ZwProtectVirtualMemory has been removed with every syscall.compilecs
Use build-in compiler csc.exe and other tools to insert entrypointWinTimer
Wrapper for Mimikatz with delayed executionFiles
FiberShellcodeSyscall
Using syscall when possible, ZwAllocateVirtualMemory, ZwProtectVirtualMemory and ZwWriteVirtualMemoryObfuscateTest
Obfuscate C# source code, so the relationship between the definition and the function call, cannot be detected (not at runtime)RemoteCat
MimiRunner
Run Mimikatz with ReactOS cmd.exeInjectShellcodeWithAPC
Simple yet effective shellcode injection with QueueUserAPCNewShellCS
Execute reverse shell without cmd.exe and uses syscalls from C#DLLloaderCS
Load 32bit .DLL payload fra C#Epsilon
In this PoC I am addressing the timer issue that exist in DefenderClassAsShellcode
This PoC uses C# Class name as shellcodeSVCHOSTEXE
Execute shellcode with svchost.exe -k LocalSystemNetworkRestictedWordVBAPayload
Create Word VBA payload that self-destruction at runtimeExecuteVBAwithRtlMoveMemory
Execute your VBA macro with RtlMoveMemory onlyCSharpInlineAssembly
Execute inline assembly from C#ShellcodeAndSvchost
Inject your shellcode into svchostOmega
Use syscalls ZwCreateSection and ZwMapViewOfSection and GetDelegateForFunctionPointerHijackCS
Hijack your own process or other, use syscall NtWriteVirtualMemory and NtAllocateVirtualMemory to stay undetectedCSharpPowershellRunspace
Inject 64 bit .dll from CSharp and Powershell runspaceAPCinjectCS
Simple shellcode injetion with APC and syscallsInstallutilInject
Execute .dll with MS InstallUtil.exeVBAShellCodeCallFuncInDLL
Shellcode
Alternative versionTriggerExecutionTasks
Trigger execution of tasks.dll from C# calling embedded JavaScriptProcessFinder
Find process and startup arguments with syscallsProtectingCodeWith-MITIGATION_POLICY
Protect your code with a mitigation policy that prevent non Microsoft signed code to inject for inspectionBinBAT
Create payload that is both binary and batch file at the same time (Windows)SimpleCodeExecution
Execute tasks.dll with minimum of codeDllHijackCS
.DLL based hijackFiberShellcode
Execute shellcode with FiberLove Open Source and this site? Check out how you can help us