thefLink / C-To-Shellcode-Examples
☆191Updated 3 years ago
Alternatives and similar repositories for C-To-Shellcode-Examples:
Users that are interested in C-To-Shellcode-Examples are comparing it to the libraries listed below
- Building and Executing Position Independent Shellcode from Object Files in Memory☆154Updated 4 years ago
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆207Updated 2 years ago
- Exploring in-memory execution of .NET☆136Updated 2 years ago
- Experiment on reproducing Obfuscate & Sleep☆141Updated 3 years ago
- Beacon Object File Loader☆282Updated last year
- ☆160Updated 3 years ago
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.☆135Updated 2 years ago
- A PoC implementation for dynamically masking call stacks with timers.☆263Updated last year
- You shall pass☆253Updated 2 years ago
- The code is a pingback to the Dark Vortex blog:☆169Updated 2 years ago
- x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks☆200Updated last year
- BOF combination of KillDefender and Backstab☆163Updated last year
- Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).☆135Updated 2 years ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆169Updated last year
- Evasive Process Hollowing Techniques☆135Updated 4 years ago
- WTSRM☆206Updated 2 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆132Updated 2 years ago
- Remove API hooks from a Beacon process.☆265Updated 3 years ago
- Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL…☆162Updated last year
- EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e…☆271Updated last year
- Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscal…☆309Updated last year
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆184Updated last year
- An implementation and proof-of-concept of Process Forking.☆222Updated 3 years ago
- Beacon Object File (BOF) for remote process injection via thread hijacking☆203Updated 4 years ago
- The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/☆174Updated 2 years ago
- Writeup of Payload Techniques in C involving Mutants, Session 1 -> Session 0 migration, and Self-Deletion of payloads.☆124Updated 2 years ago
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆231Updated 2 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2☆179Updated 2 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆185Updated 7 months ago
- ☆110Updated 2 years ago