- USSR
Shellcode
Load and execute COFF files and Cobalt Strike BOFs in-memory
Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
Yet another sleep encryption thing. Also used the default GitHub repo name for this one.
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
[ BOF-LAUNCHER ] -> an API for loading, executing and in-memory masking BOFs on Windows and Linux for use in C/Zig/Go/Rust agents/implants. [ Z-BEAC0N ] -> a custom-written stage-1 (aka pre-C2) sol…
Splitting and executing shellcode across multiple pages
Windows x64 kernel mode rootkit process hollowing POC.
Achieving code execution through abusing vectored exception handling
Manually perform syscalls without going through any external API or DLL.
Dynamically generated obfuscated jumps and/or function calls
Heuristically recover relocations and imports from module memory dumps
Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
Implementation of several code injection techniques.
That guy uses python to bypass anti-virus, goddamn! Shellcode anti-virus evasion based on a Python pyd module
A memory-based evasion technique which makes shellcode invisible from process start to end.
Shellcode anti-virus evasion loader implemented in Go; evades mainstream anti-virus products such as 火绒 (Huorong), 360, 核晶, def and others
Implementation of Advanced Module Stomping and Heap/Stack Encryption
Your Windows syscall hooking factory - feat Canterlot's Gate - All accessible over MCP
Another approach to threadless injection, discovered by @_EthicalChaos_, written in C: it loads a module into the target process, stomps it, and then reverts the memory protections and original memory state
A stealthy ELF loader - no files, no execve, no RWX