DeathSleep A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution. Sleep and obfuscation...
ForceAdmin ForceAdmin is a c# payload builder, creating infinite UAC pop-ups until the user allows the program to be run. The inputted commands are run via powershell calling cmd.exe and...
BeatRev Version 2 The first time the malware runs on a victim it AES encrypts the actual payload(an RDLL) using environmental data from that victim. Each subsequent time the malware...
hoaxshell hoaxshell is an unconventional Windows reverse shell, currently undetected by Microsoft Defender and other AV solutions as it is solely based on http(s) traffic. The tool is easy to...
ropr ropr is a blazing fast multithreaded ROP Gadget finder What is an ROP Gadget? ROP (Return Oriented Programming) Gadgets are small snippets of a few assembly instructions typically ending...
VLANPWN VLAN attacks toolkit DoubleTagging.py – This tool is designed to carry out a VLAN Hopping attack. VLAN hopping is a computer security exploit, a method of attacking networked resources...
XLL_Phishing Introduction With Microsoft’s recent announcement regarding the blocking of macros in documents originating from the internet (email AND web download), attackers have begun aggressively exploring other options to achieve user-driven...
Shelltropy A technique of hiding malicious shellcode based on low-entropy via Shannon encoding. Entropy is the measure of the randomness in a set of data (here: shellcode). The higher the...
HintInject HintInject is a shellcode embedder and loader that I developed while playing with the PE file and Import Directory Table structures. It takes a raw shellcode file and puts...
ElfPack: ELF Binary Section Docking for Stageless Payload Delivery Highlights Overview of payload bundling mechanisms: compilation, linking, and loading. Binary compatibility and creation of loosely coupled payloads to their delivery...
nim-loader a very rough work-in-progress adventure into learning nim by cobbling resources together to create a shellcode loader that implements common EDR/AV evasion techniques. This is a mess and is...
nimc2 nimc2 is a very lightweight C2 written fully in nim (implant & server). Its features include: Windows & Linux implant generation TCP socket communication (with HTTP communication coming soon) Ability to create...
scemu x86 32/64bits emulator, for securely emulating shellcodes Features 📦 rust safety, good for malware. All dependencies are in rust. zero unsafe{} blocks. ⚡ very fast emulation (much faster than unicorn) 3,000,000...
FrostByte Progolue: In the past few days, I’ve been experimenting with the AppDomain manager injection technique and had decent success with it in my previous Red Team engagements against certain...
AtlasC2 C# C2 Framework centered around Stage 1 operations Atlas is based around gaining a foothold within an environment and further utilizing it to smuggle in C# (currently strictly C#)...
Support Securityonline.info site. Thanks!
