Matryoshka loader is a tool that red team operators can leverage to generate shellcode for Microsoft Office document phishing payloads.
☆43May 24, 2021Updated 4 years ago
Alternatives and similar repositories for Matryoshka
Users that are interested in Matryoshka are comparing it to the libraries listed below
Sorting:
- Trigen is a Python script which uses different combinations of Win32 function calls in generated VBA to execute shellcode.☆203Jul 2, 2017Updated 8 years ago
- Proof-of-Concept to evade auditd by tampering via ptrace☆19Aug 3, 2023Updated 2 years ago
- ☆15Aug 17, 2023Updated 2 years ago
- Collection of tools to use with Azure Applications☆112Oct 13, 2023Updated 2 years ago
- Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL☆23Aug 27, 2022Updated 3 years ago
- load dumped csharp binaries as assemblies and launch them in memory☆28Feb 9, 2024Updated 2 years ago
- ☆15Aug 22, 2022Updated 3 years ago
- SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…☆59May 23, 2022Updated 3 years ago
- ☆210Nov 28, 2023Updated 2 years ago
- List of Awesome Excel4.0/XLM tricks and functions useful for Red Team and Blue Team. This list is for anyone wishing to learn about Excel…☆37Apr 27, 2021Updated 4 years ago
- Citrix Phishlet☆24Feb 2, 2021Updated 5 years ago
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level☆234Oct 18, 2022Updated 3 years ago
- ☆92Aug 23, 2021Updated 4 years ago
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…☆275May 3, 2023Updated 2 years ago
- LittleCorporal: A C# Automated Maldoc Generator☆228Jul 30, 2021Updated 4 years ago
- Win32 keylogger that supports all (non-ime using) languages correctly☆53Dec 21, 2023Updated 2 years ago
- POC tool to convert CobaltStrike BOF files to raw shellcode☆220Nov 5, 2021Updated 4 years ago
- Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations☆160Mar 1, 2024Updated 2 years ago
- TCP Port Redirection Utility☆762Jan 31, 2023Updated 3 years ago
- Section Mapping Process Injection (secinject): Cobalt Strike BOF☆102Jan 7, 2022Updated 4 years ago
- Template-based generation of shellcode loaders☆80Apr 20, 2024Updated last year
- CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)☆300Sep 28, 2021Updated 4 years ago
- Malicious Shortcut(.lnk) Generator☆86Nov 23, 2018Updated 7 years ago
- Beacon Object File implementation of Event Viewer deserialization UAC bypass☆133May 6, 2022Updated 3 years ago
- My implementation of the GIUDA project in C++☆189Jul 25, 2023Updated 2 years ago
- A C# implementation of dumping credentials from Windows Credential Manager☆62Sep 23, 2023Updated 2 years ago
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆60Dec 15, 2023Updated 2 years ago
- Spoofing signatures in Office Open XML Documents (Word, Excel, Powerpoint)☆26Nov 19, 2022Updated 3 years ago
- Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers t…☆456Oct 25, 2021Updated 4 years ago
- A fake AMSI Provider which can be used for persistence.☆156May 16, 2021Updated 4 years ago
- Enumerate Domain Users Without Authentication☆282Apr 22, 2025Updated 10 months ago
- Example of running C3 (https://github.com/FSecureLABS/C3) in a Docker container☆27Oct 24, 2021Updated 4 years ago
- Tricks the target into enabling content (macros) with fake messages. Once enabled, uses macros to reduce the risk of suspision from targe…☆172Mar 12, 2025Updated 11 months ago
- .NET tool used to enrich RPC telemetry☆101Jan 24, 2026Updated last month
- ☆39Sep 25, 2023Updated 2 years ago
- WNF Code Execution Library Using C#☆110May 18, 2020Updated 5 years ago
- This project is an implant framework designed for long term persistent access to Windows machines.☆108Sep 22, 2023Updated 2 years ago
- C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.☆111Apr 14, 2023Updated 2 years ago