donut
upx
donut | upx | |
---|---|---|
4 | 30 | |
3,315 | 13,640 | |
- | 1.8% | |
3.1 | 9.5 | |
24 days ago | 5 days ago | |
C | C++ | |
BSD 3-clause "New" or "Revised" License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
donut
-
Bypassing Windows Defender (10 Ways)
The Donut project by TheWover is a very effective Position-Independent shellcode generator from PEs/DLLs. Depending on the input file given, it works different ways. For this PoC I will be using Mimikatz, so let us see how it works at a high level. From a brief look at the code, this would be the main routine of the Donut.exe executable tool:
-
Cannot Load .NET assemblies in memory!
Note that I used the loader from donut and it worked as expected! What am I doing wrong here people?
-
BEST KALI TOOL TO MAKE UNDETECTABLE BACKDOOR 2022?
Donut -- tool to convert (certain, very simple, non-.NET) PE files into shellcode.
- Does anyone know any good x64 shellcode loaders?
upx
-
PicoCTF 2024: packer
According to this source:
-
The Trade-Offs of Optimizing and Compressing Go Binaries
Following optimization, tools like UPX can compress the resulting binary, significantly reducing file size. This compression is invaluable for resource-constrained environments but adds a decompression step during binary execution.
- Tradutor Automático de legendas
-
Obfuscation & Executable Compression in Go
I have been using UPX but I'm quite sure if there's something out there that offers better compression.
-
My website is one binary
Ah that's nice, long ago I used parchment.js to load a inform7 created z5 file on my website. You could try to compress your executable with upx https://upx.github.io/
-
Bypassing Windows Defender (10 Ways)
In this process, the given packer tool embeds a natively compiled PE into another executable that contains the information needed to unpack the original content and execute it. Perhaps the most well known packer, which is not even for malicious purposes, is Golang's UPX package.
-
How do you guys deal with protecting source code for your game when launch into steam or mobile platform?
Rewrite in C#, and use an obfuscator on the DLL. You can also write some parts in C++ as many variable and function names are forgotten when compiling. You should also encrypt the PCK, and see if you can embed it. If it's embedded, you can make it more annoying to deal with by packing it with https://upx.github.io/
-
Encrypted file in OneDrive Personal Vault Detected as Ransomware.
Another good example of false positives like this would be binaries that are compressed with UPX - the way it works is apparently very similar to how stub-loader malware operates and signature detection tools will flag it as malicious.
-
REST API in RUST with ntex
This will optimise the release binary to be as small as possible. Additionally with upx we can create really small docker image !
-
help packing sound in <4k
Then I compressed it with upx, cp small.exe smallUpx.exe && upx --brute smallUpx.exe, got a 10752 bytes executable, half the size, but still pretty large
What are some alternatives?
DripLoader - Evasive shellcode loader for bypassing event-based injection detection (PoC)
rust - Empowering everyone to build reliable and efficient software.
Shhhloader - Syscall Shellcode Loader (Work in Progress)
rust-sdl2 - SDL2 bindings for Rust
vivanewvegas-wabbajack - A Wabbajack port of the Viva New Vegas modding guide.
legion - High performance Rust ECS library
pe_to_shellcode - Converts PE into a shellcode
Lean and Mean Docker containers - Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
ThreatCheck - Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
distroless - 🥑 Language focused docker images, minus the operating system.
obfuscator
fpm - Effing package management! Build packages for multiple platforms (deb, rpm, etc) with great ease and sanity.