winx64-InjectAllProcessesMeterpreter-Shellcode
64-bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.
created at May 1, 2021, 3:39 p.m. | Assembly | 3 | 53 | 11 | GitHub

SPAWN
Cobalt Strike Beacon Object File (BOF) that takes the name of a PE file as an argument and spawns the process in a suspended state.
created at July 17, 2021, 4:35 p.m. | C | 6 | 86 | 12 | GitHub

spawn
Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.
created at July 17, 2021, 4:35 p.m. | C | 9 | 212 | 34 | GitHub

injectAmsiBypass
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
created at July 19, 2021, 12:08 a.m. | C | 7 | 148 | 28 | GitHub

HellsGatePPID
Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process.
created at Aug. 5, 2021, 2:53 a.m. | C | 7 | 67 | 10 | GitHub

CobaltStrikeReflectiveLoader
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.
created at Aug. 15, 2021, 6:17 p.m. | C | 10 | 287 | 44 | GitHub

azureOutlookC2
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
created at Sept. 10, 2021, 2 a.m. | C | 7 | 434 | 90 | GitHub

injectEtwBypass
CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate).
created at Sept. 21, 2021, 11:06 p.m. | C | 4 | 107 | 24 | GitHub

Ninja_UUID_Dropper
Module Stomping, No New Thread, HellsGate syscaller, UUID Dropper for x64 Windows 10!
created at Oct. 5, 2021, 7:14 p.m. | C | 7 | 164 | 27 | GitHub

BokuLoader
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. By: @0xBoku & @s4ntiago_p
created at Aug. 15, 2021, 6:17 p.m. | C | 18 | 504 | 97 | GitHub