pe_to_shellcode
PowerSharpPack
pe_to_shellcode | PowerSharpPack | |
---|---|---|
4 | 3 | |
2,208 | 1,407 | |
- | - | |
3.8 | 5.4 | |
9 months ago | 21 days ago | |
C++ | PowerShell | |
BSD 2-clause "Simplified" License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pe_to_shellcode
-
Bypassing Windows Defender (10 Ways)
Finally, we also have the option to transform a native PE back to shellcode. This may be done, for example, via hasherezade's pe_to_shellcode tool.
- Petoshellcode - Converts PE into a shellcode
- pe_to_shellcode: Converts PE so that it can be then injected just like a normal shellcode. (At the same time, the output file remains to be a valid PE). Supports both 32 and 64 bit PEs
- Petoshellcode – Converts PE into a Shellcode
PowerSharpPack
-
Bypassing Windows Defender (10 Ways)
Luckily, this repo contains not only a lot of pre-built scripts for each famous tool but also the instructions to create your own scripts from your binaries.
- GitHub - S3cur3Th1sSh1t/PowerSharpPack: Many usefull offensive CSharp Projects wraped into Powershell for easy usage.
- GitHub - S3cur3Th1sSh1t/PowerSharpPack - Usefull offensive CSharp Projects wrapped into Powershell for easy usage.
What are some alternatives?
DripLoader - Evasive shellcode loader for bypassing event-based injection detection (PoC)
nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
dll_to_exe - Converts a DLL into EXE
nimcrypt - PE Crypter written in Nim
pypackerdetect - Packing detection tool for PE files
ropfuscator - ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).
donut - Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
ADVobfuscator - Obfuscation library based on C++11/14 and metaprogramming
pwntools - CTF framework and exploit development library
Alcatraz - x64 binary obfuscator
LsaParser - A shitty (and old) lsass parser.