94 matches found
BestEdrOfTheMarket - Little AV/EDR Bypassing Lab For Training And Learning Purposes
Little AV/EDR Evasion Lab for training & learning purposes. Under construction...
CVE-2022-41415
Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable...
FUD-UUID-Shellcode - Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness
Introduction: Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness. How it works: Shellcode generation. Firstly, generate a payload in binary format using either CobaltStrike or msfvenom for instance, in...
SharpImpersonation - A User Impersonation Tool - Via Token Or Shellcode Injection
This was a learning by doing project from my side. Well known techniques are used to build just another impersonation tool with some improvements in comparison to other public tools. The code base was taken from: https://github.com/0xbadjuju/Tokenvator A blog post for the introduction can be foun...
Attackers Use Event Logs to Hide Malware
Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on target machines. The technique involves injecting shellcode directly into Windows event logs. This allows adversaries to use the Windows event logs as a cover for...
CTF-All-In-One
This is a comprehensive guide to CTF (Capture The Flag) competitions, specifically focusing on the Pwn (binary exploitation) aspect. The book is written by Yang Cheng, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...
Jektor - A Windows User-Mode Shellcode Execution Tool That Demonstrates Various Techniques That Malware Uses
This utility focuses on shellcode injection techniques to demonstrate methods that malware may use to execute shellcode on a victim system. Dynamically resolves API functions to evade IAT inclusion; includes usage of undocumented NT Windows API functions; supports local shellcode execution via...
DInjector - Collection Of Shellcode Injection Techniques Packed In A D/Invoke Weaponized DLL
This repository is an accumulation of my code snippets for various shellcode injection techniques using the fantastic D/Invoke API by @TheWover and @FuzzySecurity. Features: fully ported to D/Invoke API; encrypted payloads which can be invoked from a URL or passed in base64 as an argument; built-in AMS...
Exploit for Use After Free in Microsoft
CVE-2021-40449 My exploit for CVE-2021-40449, a Windows LPE vi...
emp3r0r
It is an offensive tool for Linux systems. The tool is called emp3r0r, a Linux post-exploitation framework made by a user named jm33-ng. It is designed to provide a better experience for remote administration on Linux systems, particularly for terminal-based interactions. The framework is written...
CTF-All-In-One
This is a comprehensive guide to CTF (Capture The Flag) competitions, specifically focusing on the Pwn (binary exploitation) aspect. The book is written by Yang Chao, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...
CTF-All-In-One
This is a comprehensive book on CTF (Capture The Flag) competitions, specifically focusing on the Pwn (binary exploitation) aspect. The book is written by Yang Chaofei, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...
APT Attack Injects Malware into Windows Error Reporting
A campaign that injects malware into the Windows Error Reporting (WER) service to evade detection is potentially the work of a Vietnamese APT group, researchers said. The attack, discovered on Sept. 17 by researchers at the Malwarebytes Threat Intelligence Team, lures its victims with a phishing campai...
Staying Hidden on the Endpoint: Evading Detection with Shellcode
True red team assessments require a secondary objective of avoiding detection. Part of the glory of a successful red team assessment is not getting detected by anything or anyone on the system. As modern Endpoint Detection and Response (EDR) products have matured over the years, the red teams must...
HRShell - An Advanced HTTPS/HTTP Reverse Shell Built With Flask
HRShell: An advanced HTTPS Reverse Shell built with Flask. HRShell is an HTTPS/HTTP reverse shell built with Flask. It's compatible with Python 3.x and has been successfully tested on: Linux (Ubuntu 18.04 LTS, Kali Linux 2019.3), macOS Mojave, Windows 7/10. Features: It's stealthy; TLS support; either usin...
Ayukov NFTP FTP Client 2.0 Buffer Overflow
Exploit Title: Ayukov NFTP FTP Client 2.0 - Buffer Overflow. Date: 2018-12-29. Exploit Author: Uday Mittal. Vendor Homepage: http://www.ayukov.com/nftp/ Software Link: ftp://ftp.ayukov.com/pub/src/nftp-1.72.zip Version: below 2.0. Tested on: Microsoft Windows XP SP3. CVE: CVE-2017-15222. EIP Location:...
Valve: Malformed BSP in GoldSrc Engine may cause shellcode injection
Introduction: Hello. There's a vulnerability in the GoldSrc Engine that allows running arbitrary assembly code via incorrect BSP format processing. Description: The vulnerability is found in the UTILStringToIntArray function. This function belongs to the game mod library (mp.dll/cs.so) and has the...
Valve: Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection
With this vulnerability in the GoldSource Engine, the server is able to perform remote code execution on the client by overwriting the stack when reading a BMP file. The problem is in the LoadBMP8 function, which is executed when the player connects to the server, by loading the...
PowerShell Downgrade Attack: Unicorn
PowerShell Downgrade Attack. Magic Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. Usage ...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2017-11882 Exploit. CVE-2017-11882 Exploit accepts over 17...