Evilbytecode-Shellcode-Go-Tactics

A mutliple tactics to execute shellcode in go :}

MIT License

Stars
13
View Code on GitHub
Ecosystems: Shell

Evilbytecode Shellcode Execution Tactics

This repository contains various projects that demonstrate advanced techniques for executing shellcode and performing memory manipulation.

Features

  • APC Injection Exploits the Asynchronous Procedure Call (APC) technique to execute malicious code within target processes.

  • Early Bird APC Injection A variation of APC Injection focusing on executing code before the main process starts.

  • Local Mapping Injection Demonstrates malicious code injection via memory mapping into local processes.

  • Local Payload Execution Addresses the direct execution of malicious payloads in a system's local environment.

  • Payload Execution Fibers Demonstrates running shellcode using Fibers, a type of lightweight thread.

  • Payload Placement Shows how to store shellcode in the .text section of a process and execute it.

  • Process Injection (Shellcode) Exploits shellcode injection directly into running processes to control or execute malicious tasks.

  • Registry Shellcode Demonstrates writing and reading shellcode to/from the Windows Registry.

  • Remote Function Stomping Injection Exploits the substitution of functions in remote systems to carry out malicious activities.

  • Remote Mapping Injection Demonstrates malicious code injection via memory mapping into remote processes.

  • Remote Thread Hijacking Focuses on hijacking threads in remote system processes to execute malicious code.

  • Threadless Injection Demonstrates threadless injection using Go & C, where shellcode is injected without creating a new thread.

Contributing

Contributions are welcome! If you have improvements or additional techniques to add, please fork the repository and submit a pull request. Ensure your code follows the project's coding standards and includes relevant documentation.

License

This repository is licensed under the MIT License. See the LICENSE file for more details.

Disclaimer

This repository is intended for educational purposes only. The techniques demonstrated here are for understanding security vulnerabilities and enhancing defensive measures. Unauthorized use of these techniques may have legal consequences.

Package Rankings
Top 6.41% on Proxy.golang.org
Related Projects
DripLoader

Evasive shellcode loader for bypassing event-based injection detection (PoC)

28 Apr 2021 695
Shellcode-Loader

Open repository for learning dynamic shellcode loading (sample in many programming languages)

08 Aug 2021 205
dvenom

🐍 Double Venom (DVenom) is a tool that provides an encryption wrapper and loader for your shellcode.

30 Jul 2023 156
EByte-Shellcode-Loader

shellcode loader that uses indirect syscalls written in D Lang The loader bypasses user-mode hook...

16 Sep 2024 2
Hooka

Evasive shellcode loader, hooks detector and more

13 Feb 2023 193
shadow-shell

Cyber lab to learn AMD64 and ARM64 assembly, analyze shellcode, analyze malware and explore memor...

01 Nov 2023 6
PE_Analysis

PE malware training exercises

10 Jan 2024 3
BMJ

Code snippets for bare-metal malware development

12 Sep 2021 83
TheBhTiNjector

TheBhTiNjector is a filebinder that can concatenate two or more files of some extensions that pre...

30 May 2024 6
shellcode-resources

Resources About Shellcode

17 Mar 2020 202
FunctionStomping

Shellcode injection technique. Given as C++ header, standalone Rust program or library.

23 Jan 2022 682
peekaboo

Simple undetectable shellcode and code injector launcher example. Inspired by RTO malware develop...

21 Jul 2021 174
ShadeLoader

ShadeLoader is a simple remote shellcode loader designed to bypass most antivirus software. 壳代码,...

08 Jul 2024 27
java-gate

Java JNI HellsGate/HalosGate/TartarusGate/RecycledGate/SSN Syscall/Many Shellcode Loaders

29 Jun 2023 186
rs-shellcode-runners

Running Shellcode using Rust

23 Nov 2023 4