shincehor's starred repositories
ShadeLoader
ShadeLoader is a simple remote shellcode loader designed to bypass most antivirus software. shellcode, antivirus software, bypass
DojoLoader
Generic PE loader for fast prototyping evasion techniques
BenevolentLoader
Shellcode loader using direct syscalls via Hell's Gate and payload encryption.
RWX_MEMEORY_HUNT_AND_INJECTION_DV
Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
no-defender
A slightly more fun way to disable Windows Defender + firewall. (through the WSC API)
BadExclusionsNWBO
BadExclusionsNWBO is an evolution from BadExclusions to identify custom or undocumented folder exclusions on AV/EDR
Process_Ghosting
Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by a file. This is an evasion technique.
CVE-2024-1086
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
BruteUnpackage
Brute force cracking the compressed package | Brute-force cracking password-protected compressed packages
Shellcode-Hastur
Shellcode Reductio Entropy Tools
atexec-pro
Fileless atexec, no more need for port 445
BackupCreds
A C# implementation of dumping credentials from Windows Credential Manager
Advanced-TLS-Injection
A direct improvement to remote TLS Injection.
Thread-Pool-Injection-PoC
Proof of concept code for thread pool based process injection in Windows.
Evasive-Loader
Evasive loader to bypass static detection
TrueSightKiller
CPP AV/EDR Killer