NixImports A .NET malware loader, using API-Hashing and dynamic invoking to evade static analysis. NixImports aims to build a loader with little to no direct function calls and reduce referenced...
Html Smuggling HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious...
PE-Obfuscator PE obfuscator with Evasion in mind needs Admin Privilege in order to load the RTCore64 driver. The Obfuscator: – Gets xored Fileless PE from a remote server – Drop...
RecycledInjector (Currently) Fully Undetected same-process native/.NET assembly shellcode injector based on RecycledGate by thefLink, which is also based on HellsGate + HalosGate + TartarusGate to ensure undetectable native syscalls even if one...
ShellGhost A memory-based evasion technique which makes shellcode invisible from process start to end. Handling the Thread Execution Flow ShellGhost relies on Vectored Exception Handling in combination with software breakpoints...
Sshimpanzee Sshimpanzee allows you to build a static reverse ssh server. Instead of listening on a port and waiting for connections, the ssh server will initiate a reverse connection to the attacker’s ip, just...
Freeze.rs Freeze.rs is a payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner. Freeze.rs utilizes multiple techniques to not only remove Userland EDR...
SharpFtpC2 SharpFtpC2 is a small, experimental project aimed at exploring the possibility of using FTP(S) for relaying commands and responses between two remote computers. It employs the FTP protocol as...
PythonMemoryModule pure-python implementation of MemoryModule technique to load a dll or unmanaged exe entirely from memory PythonMemoryModule is a Python ctypes porting of the MemoryModule technique originally published by Joachim Bauch. It can...
EPI EPI (Entry Point Injection) is a tool that leverages a new threadless process injection technique that relies on hijacking loaded dll’s entry points. To achieve this goal, EPI patches the...
LightsOut LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings,...
Commander Commander is a command and control framework (C2) written in Python, Flask, and SQLite. It comes with two agents written in Python and C. Features Fully encrypted communication (TLS)...
KittyStager KittyStager is a stage 0 C2 comprising an API, client, and malware. The API is responsible for delivering basic tasks and shellcodes to be injected into memory by the...
Aladdin Aladdin is a payload generation technique based on the work of James Forshaw (@tiraniddo) that allows the deseriallization of a .NET payload and execution in memory. The original vector...
Hades Hades is a basic Command & Control server built using Python. It is currently extremely bare-bones, but I plan to add more features soon. Features are a work in...
Support Securityonline.info site. Thanks!
