Discover @mobdk Open Source projects

mobdk

Stars
729
Global Rank 41,091 (Top 2 %)
Followers 155
Following 3
Registered almost 7 years ago
Most used languages

C#
87.0 %

C++
4.3 %

HTML
4.3 %

VBA 4.3 %

CopyCat

Simple rapper for Mimikatz, bypass Defender

139

Upsilon

Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used

CloneProcess

Clone running process with ZwCreateProcess

Zeta

Using "svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc" as trigger

WinBoost

Execute Mimikatz with different technique

Core

Core bypass Windows Defender and execute any binary converted to shellcode

HideCode

Hide code from dnSpy and other C# spying tools

CoreClass

Mimikatz embedded as classes

WinSpoof

Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code

NewShell

Reverse shell without Windows cmd.exe, using ReactOS cmd.dll as shellcode

C++

Sigma

Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx

winNoise

Execute embedded Mimikatz

VBA-DLL-WMI-EXECUTION

Call your own DLL from VBA and execute code under process svchost.exe with WMI

ExecuteShellcodeWithSyscalls

Execute shellcode with syscalls from C# .dll

CallBack

Execute Mimikatz in shellcode format, uses native API VirtualAlloc and EnumSystemGeoID

LoadDLLFromFileAndConvertToShellcode

Load DLL or EXE file and convert to shellcode at runtime

zCore

Optimized version, Nt/ZwProtectVirtualMemory has been removed with every syscall.

compilecs

Use build-in compiler csc.exe and other tools to insert entrypoint

WinTimer

Wrapper for Mimikatz with delayed execution

Files

HTML

FiberShellcodeSyscall

Using syscall when possible, ZwAllocateVirtualMemory, ZwProtectVirtualMemory and ZwWriteVirtualMemory

ObfuscateTest

Obfuscate C# source code, so the relationship between the definition and the function call, cannot be detected (not at runtime)

RemoteCat

MimiRunner

Run Mimikatz with ReactOS cmd.exe

InjectShellcodeWithAPC

Simple yet effective shellcode injection with QueueUserAPC

NewShellCS

Execute reverse shell without cmd.exe and uses syscalls from C#

DLLloaderCS

Load 32bit .DLL payload fra C#

Epsilon

In this PoC I am addressing the timer issue that exist in Defender

ClassAsShellcode

This PoC uses C# Class name as shellcode

SVCHOSTEXE

Execute shellcode with svchost.exe -k LocalSystemNetworkResticted

WordVBAPayload

Create Word VBA payload that self-destruction at runtime

VBA

TCPClientReverseShellCS

C# reverse shell using TCPClient

ExecuteVBAwithRtlMoveMemory

Execute your VBA macro with RtlMoveMemory only

CSharpInlineAssembly

Execute inline assembly from C#

ShellcodeAndSvchost

Inject your shellcode into svchost

Omega

Use syscalls ZwCreateSection and ZwMapViewOfSection and GetDelegateForFunctionPointer

HijackCS

Hijack your own process or other, use syscall NtWriteVirtualMemory and NtAllocateVirtualMemory to stay undetected

CSharpPowershellRunspace

Inject 64 bit .dll from CSharp and Powershell runspace

APCinjectCS

Simple shellcode injetion with APC and syscalls

InstallutilInject

Execute .dll with MS InstallUtil.exe

VBAShellCodeCallFuncInDLL

Shellcode

Alternative version

TriggerExecutionTasks

Trigger execution of tasks.dll from C# calling embedded JavaScript

ProcessFinder

Find process and startup arguments with syscalls

ProtectingCodeWith-MITIGATION_POLICY

Protect your code with a mitigation policy that prevent non Microsoft signed code to inject for inspection

BinBAT

Create payload that is both binary and batch file at the same time (Windows)

SimpleCodeExecution

Execute tasks.dll with minimum of code

DllHijackCS

.DLL based hijack

FiberShellcode

Execute shellcode with Fiber

mobdk

Top repositories