Monomorph – MD5-Monomorphic Shellcode Packer – All Payloads Have The Same MD5 Hash

By Retr0id. MD5-Monomorphic Shellcode Packer. USAGE: python3 input_file output_file [payload_file]. What does it do? It packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The output file will always have

laZzzy – Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques

laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features: direct syscalls and native (Nt*) functions (not all functions but most); Import Address Table (IAT) evasion; encrypted payload (XOR and AES); randomly generated key; automatic padding (if necessary) of payload with

FUD-UUID-Shellcode – Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness

Introduction: Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness :). How it works: Shellcode generation. Firstly, generate a payload in binary format (using either CobaltStrike or msfvenom). For instance, in msfvenom you can do it like so (the payload I’m using is

SharpImpersonation – A User Impersonation Tool – Via Token Or Shellcode Injection

This was a learning-by-doing project from my side. Well-known techniques are used to build just another impersonation tool with some improvements in comparison to other public tools. The code base was taken from: A blog post for the introduction can be found here: List user processes: PS C:\temp>

Nim-Loader – WIP Shellcode Loader In Nim With EDR Evasion Techniques

A very rough work-in-progress adventure into learning Nim by cobbling resources together to create a shellcode loader that implements common EDR/AV evasion techniques. This is a mess and is for research purposes only! Please don’t expect it to compile and run without your own modifications. Instructions: Replace the byte array in loader.nim with your own

SharpEventPersist – Persistence By Writing/Reading Shellcode From Event Log

Persistence by writing/reading shellcode from Event Log. Usage: The SharpEventPersist tool takes 4 case-sensitive parameters: -file “C:\path\to\shellcode.bin” -instanceid 1337 -source Persistence -eventlog “Key Management Service”. The shellcode is converted to hex and written to the “Key Management Service” log; the event level is set to “Information” and the source is “Persistence”. Run the SharpEventLoader tool to fetch shellcode

NimPackt-v1 – Nim-based Assembly Packer And Shellcode Loader For Opsec And Profit

By Cas van Cooten (@chvancooten), with special thanks to Marcello Salvati (@byt3bl33der) and Fabian Mosch (@S3cur3Th1sSh1t). Description. Update: NimPackt-v1 is among the worst code I have ever written (I was just starting out learning Nim). Because of this, I started on a full rewrite of NimPackt, dubbed ‘NimPackt-NG’ (currently still private). With this rewrite, I

Nimcrypt2 – .NET, PE, And Raw Shellcode Packer/Loader Written In Nim

Nimcrypt2 is yet another PE packer/loader designed to bypass AV/EDR. It is an improvement on my original Nimcrypt project, with the main improvements being the use of direct syscalls and the ability to load regular PE files as well as raw shellcode. Before going any further, I must acknowledge those who did the VAST majority

ShellcodeTemplate – An Easily Modifiable Shellcode Template For Windows X64/X86

An easily modifiable shellcode template for Windows x64/x86. How does it work? This template is heavily based on Austin Hudson’s (aka SecIdiot) TitanLdr. It compiles the project into a PE executable and extracts the .text section. Example: The entrypoint of the shellcode looks like this. Of course, this can be changed for your needs. First