S3N4T0R-0X0 / Malicious-PixelCode
Malicious PixelCode is a security research project that demonstrates a covert technique for encoding executable files into pixel data and storing them inside images or videos. A lightweight loader retrieves the media file, reconstructs the original binary and executes it in memory. This project highlights unconventional data delivery.
☆86 · Updated 3 weeks ago
Alternatives and similar repositories for Malicious-PixelCode
Users that are interested in Malicious-PixelCode are comparing it to the libraries listed below
- Scripts I use to deploy Havoc on Linode and set up categorization and SSL ☆42 · Updated last year
- This script adds the ability to encode shellcode (.bin) in XOR, ChaCha20, AES. You can choose between 2 loaders (Myph / 221b) ☆83 · Updated last year
- ☆152 · Updated 7 months ago
- ☆59 · Updated last year
- ☆94 · Updated 10 months ago
- PowerShell script to generate ShellCode in various formats ☆46 · Updated last year
- A C# tool for requesting certificates from ADCS using DCOM over SMB. This tool allows you to remotely request X.509 certificates from CA … ☆157 · Updated last month
- Dump processes over WMI with MSFT_MTProcess ☆80 · Updated 2 months ago
- ☆57 · Updated 9 months ago
- Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel ☆51 · Updated 8 months ago
- Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN) ☆76 · Updated last year
- ☆86 · Updated 7 months ago
- A GUI wrapper inside of Havoc to interact with bloodhound CE ☆71 · Updated last year
- Inject RDPThief into memory with PowerShell. ☆65 · Updated 10 months ago
- Two in one, patch lifetime PowerShell console, no more ETW and AMSI! ☆99 · Updated 7 months ago
- Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation ☆201 · Updated last month
- Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective. ☆83 · Updated last year
- Example code samples from our ScriptBlock Smuggling Blog post ☆92 · Updated last year
- This is a GRE PoC code for Talks: From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion ☆90 · Updated 3 months ago
- Permanently disable EDRs as local admin ☆122 · Updated 2 months ago
- An impacket-lite cli tool that combines many useful impacket functions using a single session. ☆56 · Updated 2 months ago
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases. ☆87 · Updated 9 months ago
- Phishing Framework for OTP codes ☆45 · Updated 3 weeks ago
- (MeetC2 a.k.a Meeting C2) - A framework abusing Google Calendar APIs. ☆125 · Updated 3 months ago
- Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe ☆13 · Updated 2 years ago
- Lateral Movement ☆125 · Updated 2 years ago
- A tool to abuse weak permissions of Active Directory Discretionary Access Control Lists (DACLs) and Access Control Entries (ACEs) ☆61 · Updated 5 months ago
- POCs for CVE-2025-50154 and CVE-2025-59214, zero day vulnerabilities on Windows File Explorer disclosing NTLMv2-SSP without user interact… ☆45 · Updated last month
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS ☆150 · Updated 10 months ago
- Morpheus is an lsass stealer that extracts lsass.exe in RAM and exfiltrates it via forged and crypted NTP packets. For authorized testin… ☆120 · Updated 5 months ago