Hades is a proof of concept loader that combines several evasion technques with the aim of bypassing the defensive mechanisms commonly used by modern AV/EDRs. Usage The easiest way, is probably building the project on Linux using make. git clone https://github.com/f1zm0/hades && cd hadesmake Then you can bring the executable to a x64 Windows hostRead More
File Upload Restrictions Bypass, By Using Different Bug Bounty Techniques! POC video: File upload restrictions bypass by using different bug bounty techniques! Tool must be running with all its assets! Installation: pip3 install -r requirements.txt Usage: upload_bypass.py [options] Options: -h, –help show this help message and exit -u URL, –url=URL Supply the login page, forRead More
[*] laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features Direct syscalls and native (Nt*) functions (not all functions but most) Import Address Table (IAT) evasion Encrypted payload (XOR and AES) Randomly generated key Automatic padding (if necessary) of payload withRead More
Hunt & Hackett presents a set of tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows. Here you will find explanations of how these techniques work, receive advice on detection, and get sample source code for testing your detection coverage. Content This repository covers two classes of attacking techniquesRead More
a very rough work-in-progress adventure into learning nim by cobbling resources together to create a shellcode loader that implements common EDR/AV evasion techniques. This is a mess and is for research purposes only! Please don’t expect it to compile and run without your own modifications. Instructions Replace the byte array in loader.nim with your ownRead More
FrostByte Progolue: In the past few days I’ve been experimenting with the AppDomain manager injection technique had a decent success with it in my previous Red Team engagements against certain EDRs. Although, this is really good for initial access vector, I wanted to release a POC which will help hiding your shellcode elsewhere. No moreRead More
Chain Reactor is an open-source tool for testing detection and response coverage on Linux machines. The tool generates executables that simulate sequences of actions like process creation and network connection. Chain Reactor assumes no prior engineering experience; the tool consumes JSON, so customizing its behavior is as simple as editing a file. Get started ForRead More
This utility focuses on shellcode injection techniques to demonstrate methods that malware may use to execute shellcode on a victim system Dynamically resolves API functions to evade IAT inclusion Includes usage of undocumented NT Windows API functions Supports local shellcode execution via CreateThread Supports remote shellcode execution via CreateRemoteThread Supports local shellcode injection via QueueUserAPCRead More
This repository is an accumulation of my code snippets for various shellcode injection techniques using fantastic D/Invoke API by @TheWover and @FuzzySecurity. Features: Fully ported to D/Invoke API Encrypted payloads which can be invoked from a URL or passed in base64 as an argument Built-in AMSI bypass PPID spoofing and block non-Microsoft DLLs (stolen fromRead More
This project is a simple collection of various shell code injection techniques, aiming to streamline the process of endpoint detection evaluation, beside challenging myself to get into Golang world. Installation 1 – Requires go installed. 2 – Build the application from the project’s directory: go build. Set GOOS=windows if the build system is not Windows.Read More
