Extracts TEXT section of a PE, ELF, or Mach-O executable to shellcode
☆105May 5, 2023Updated 2 years ago
Alternatives and similar repositories for exec2shell
Users that are interested in exec2shell are comparing it to the libraries listed below
Sorting:
- easy dll proxying in go☆14Apr 24, 2022Updated 3 years ago
- Small utility package for manipulating Windows process tokens☆26Apr 26, 2022Updated 3 years ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆258May 10, 2023Updated 2 years ago
- Beacon Object Files used for Cobalt Strike☆19Jul 18, 2023Updated 2 years ago
- Lockless BOF☆79May 2, 2025Updated 10 months ago
- 这是一个shellcode简单的示例demo,使目标exe程序转换为shellcode可执行程序的一个demo【并不打算后期维护】,两年前写的,我发现被工作磨平了对技术的探索,今天翻到发现的。☆11Sep 23, 2023Updated 2 years ago
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆40Jan 14, 2024Updated 2 years ago
- ☆101Oct 7, 2023Updated 2 years ago
- A work in progress BOF/COFF loader in Rust☆50Mar 22, 2023Updated 2 years ago
- ☆128Jun 28, 2023Updated 2 years ago
- Execute unmanaged Windows executables in CobaltStrike Beacons☆715Mar 4, 2023Updated 3 years ago
- desktop screenshot☆29Apr 26, 2023Updated 2 years ago
- Really stupid re-implementation of invoke-wmiexec☆217Feb 25, 2023Updated 3 years ago
- Shellcode reflective DLL injection in Rust☆27Dec 26, 2025Updated 2 months ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆66May 2, 2023Updated 2 years ago
- ☆83Nov 1, 2023Updated 2 years ago
- bof-launcher - a library for loading, executing and in-memory masking BOFs on Windows (x64, x86) and Linux (x64, x86, aarch64, arm). Read…☆305Updated this week
- A rust library that allows you to host the CLR and execute dotnet binaries.☆236Mar 12, 2025Updated last year
- ☆44Oct 16, 2023Updated 2 years ago
- ☆123Oct 9, 2023Updated 2 years ago
- Encrypt embedded go files using age.☆49Oct 21, 2021Updated 4 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- indirect syscalls for AV/EDR evasion in Go assembly☆379Jun 13, 2023Updated 2 years ago
- ☆88Jun 17, 2023Updated 2 years ago
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆293Jul 15, 2023Updated 2 years ago
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level☆234Oct 18, 2022Updated 3 years ago
- ☆51Aug 28, 2021Updated 4 years ago
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆278Apr 17, 2023Updated 2 years ago
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆130Sep 27, 2023Updated 2 years ago
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆226Sep 13, 2022Updated 3 years ago
- Load and execute a common object file format (COFF) in the current process☆32Mar 9, 2024Updated 2 years ago
- Shikata ga nai (仕方がない) encoder ported into go with several improvements☆32Jan 28, 2026Updated last month
- Keyhack - Golang API token/webhook validator☆16Mar 20, 2025Updated last year
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk☆473Jul 6, 2024Updated last year
- 基于golang实现的impacket☆246Aug 28, 2023Updated 2 years ago
- Reflective DLL loading of your favorite Golang program☆173Jan 27, 2020Updated 6 years ago
- SyscallLoader☆11Sep 13, 2021Updated 4 years ago
- It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!)☆527Oct 12, 2022Updated 3 years ago
- Terminate AV/EDR Processes using kernel driver☆352Jun 12, 2023Updated 2 years ago