Mapping injection is a process injection technique that avoids the usage of common monitored syscall VirtualAllocEx and WriteProcessMemory.

Windows shellcode project is located in shellcode/, it can build into a PE file with only .text section and has no external dependencies.

A simple PoC which leverages the Outlook Application Interface (COM Interface) to execute shellcode on a system based on a specific trigger subject line.

Sharperner is a tool written in CSharp that generate .NET dropper with AES and XOR obfuscated shellcode. Generated executable can possibly bypass

DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.

EarlyBird: a poc of using the tech with syscalls on powershell.exe injecting cobalt strike shellcode to powershell.exe using EarlyBird Tech USAGE: first get

Running InjectEtwBypass BOF from CobaltStrike to Bypass ETW in Notepad.exe

Start a cmd shell (with admin priv.) like this and run CopyCat.exe and enjoy Mimikatz (If you are running 64 bit Windows 10)

EXOCET is superior to Metasploit's "Evasive Payloads" modules as EXOCET uses AES-256 in GCM Mode (Galois/Counter Mode). Metasploit's Evasion Payloads uses a

My experiments in weaponizing Rust for implant development and general offensive operations.

SourcePoint is a polymorphic C2 profile generator for Cobalt Strike C2s, written in Go. SourcePoint allows unique C2 profiles to be generated on the fly that

A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload.

To install Medusa, you'll need Mythic installed on a remote computer. You can find installation instructions for Mythic at the Mythic project page.

The Exploitation Resources is a github repository by FULLSHADE

Another meterpreter injection technique using C# that attempts to bypass WD.

Havoc is a modern and malleable post-exploitation command and control framework, created by @C5pider.