EarlyBird APC Injection: A Deep Technical Analysis The EarlyBird APC technique creates a trusted process in a suspended state, allocates memory for shellcode, and writes the payload. It then queues the shellcode as an Asynchronous Procedure Call (APC) to the suspended thread. Resuming the thread forces immediate, stealthy execution of the malicious code.

Original text by Malforge Group


This article provides a detailed examination of the EarlyBird APC Injection technique, a sophisticated method for executing arbitrary code within the context of a trusted process. #APC #bypass #EDR #injection #QueueUserAPC #shellcode #windows
core-jmp.org/?p=242

Abusing Microsoft Warbird for Shellcode Execution The article demonstrates an EDR bypass by using an undocumented Warbird interface to stealthily load shellcode.

Original text by cirosec.de


TL;DR


In this blog post, we’ll be covering Microsoft Warbird and how we can abuse it to sneakily load shellcode without being detected by AV or EDR solutions. #bypass #edt #microsoft #shellcode #Warbird #windows
core-jmp.org/?p=221

Mastering Living off the Process in Offensive Security No need for overusing WriteProcessMemory, VirtualAlloc, injecting a DLL, etc. This way, everything you need to manipulate the remote process is self-contained and already available to the process.

Original text by R.B.C (g3tsyst3m)


Hello again everyone! Hope the start to the new year is treating you well. I am excited to share a new blog post with you! #asm #cpp #debug #gadgets #ROP #shellcode #windows
core-jmp.org/?p=159

#SHELLCODE
allgraph.ro/advanced-sea...
#ALESHIGN #BAWEKE
allgraph.ro/advanced-sea...
#BELARUSIAN #PARTISAN #MOVEMENT 2020 #PRESENT
multi-search-tag-explorer.aepiot.ro/advanced-sea...
aepiot.ro

PIC shellcode: The Rust Way Originally published at Cyberpath A Hands-On Analysis of the Rustic64 Project In...

PIC shellcode: The Rust Way Originally published at Cyberpath A Hands-On Analysis of the Rustic64 Project In cybersecurity and malware development the use of Position Independent Code (PIC) has gai...

#shellcode #rust #offensivesecurity #redteam

Origin | Interest | Match

Android Hacking for Beginners | Ethical Hacking Full Course (Step-by-Step) | mobile hacking course Learn Android Ethical Hacking from Scratch! This course is designed for beginners who want to understand android hacking Watch at 1.5x speed 🔹 [00:00] - Introduction to Android Ethical Hacking 🔹 [01...

Android Hacking for Beginners | Ethical Hacking Full Course (Step-by-Step) | mobile hacking course twuai.com/search/8z7wG...
#msfvenom #metasploit #maldev #exploiting #android #malware #hacking101 #shellcode #binwalk

A Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode A beginner-friendly tutorial on analyzing .NET malware teaches you how to use common tools, recognize techniques and understand ...

#Learning #Hub #Malware #.NET #IDA #Pro […]

[Original post on unit42.paloaltonetworks.com]

Прячем shellcode в приложениях В этой статье мы рассмотри...

habr.com/ru/companies/otus/articl...

#reverse-engineering #exploit #shellcode #payload #windows #internals #reverse #reverse #engineering

Result Details

Slides of my presentation at @northsec.io are available here www.fortiguard.com/events/6101/...

Work on 2 different malware samples and showed how good the AI performed overall in decompiling them or de-obfuscating, but also some errors that it did in details.

#r2ai #ladvix #shellcode #linux #IoT

GitHub - psycore8/shencode: A versatile tool for working with shellcodes A versatile tool for working with shellcodes. Contribute to psycore8/shencode development by creating an account on GitHub.

I'm proud to announce the release of ShenCode 0.8.2. It is introducing a polymorphic WinExec shellcode creator with customizable commands.
I've planned to write more technical tutorials about some features. So long: check out @ github.com/psycore8/she...

#Shellcode #GitHub #MalwareDev #RedTeam

GitHub - psycore8/shencode: A versatile tool for working with shellcodes A versatile tool for working with shellcodes. Contribute to psycore8/shencode development by creating an account on GitHub.

After several weeks of fighting the Windows api, ShenCode 0.8.0 is out now. There are 3 new injection modules:

- DLL-Injection
- NtInjection
- Process_Overwriting

If you like it, please leave me a star:

github.com/psycore8/she...

#Shellcode #GitHub #MalwareDev #RedTeam

Injecting shellcode?

Avoid VirtualAlloc/WriteProcessMemory detection..

Use (NtMapViewOfSection) with a shared memory section between processes.

It bypasses common EDR hooks.

Subtle persistence wins.

#RedTeam #Malware #Infosec #Cybersecurity #EDR #Shellcode

Injecting shellcode?

Avoid VirtualAlloc/WriteProcessMemory detection..

Use (NtMapViewOfSection) with a shared memory section between processes.

It bypasses common EDR hooks.

Subtle persistence wins.

#RedTeam #Malware #Infosec #Potatosecurity #EDR #Shellcode

Shellcode Over MIDI? Bad Apple On A PSR-E433, Kinda <p>If hacking on consumer hardware is about figuring out what it can do, and pushing it in directions that the manufacturer never dared to dream, then this is a very fine hack indeed. [Portasynthica3] takes on the Yamaha PSR-E433, a cheap beginner keyboard, discovers a shell baked into it, and takes it from there.</p> <p>[Portasynthinca3] <a href="https://psi3.ru/blog/swl01u/" target="_blank">reverse engineered the firmware, wrote shellcode for the device, embedded the escape in a MIDI note stream, and even ended up writing some simple LCD driver software totally decent refresh rate on the dot-matrix display</a>, all to support the lofty goal of displaying arbitrary graphics on the keyboard’s dot-matrix character display.</p> <p>Now, we want you to be prepared for a low-res video extravaganza here. You might have to squint a bit to make out what’s going on in the video, but keep in mind that it’s being sent over a music data protocol from the 1980s, running at 31.25 kbps, displayed in the custom character RAM of an LCD.</p> <p>As always, the hack starts with research. Identifying the microcontroller CPU lead to JTAG and OpenOCD. (We love the technique of looking at the draw on a bench power meter to determine if the chip is responding to pause commands.) Dumping the code and tossing it into Ghidra lead to the unexpected discovery that Yamaha had put a live shell in the device that communicates over MIDI, presumably for testing and development purposes. This shell had PEEK and POKE, which meant that OpenOCD could go sit back on the shelf. Poking “Hello World” into some free RAM space over <a href="https://cmtext.indiana.edu/MIDI/chapter3_system_messages.php" target="_blank">MIDI sysex</a> was the first proof-of-concept.</p> <p>The final hack to get video up and running was to dig deep into the custom character-generation RAM, write some code to disable the normal character display, and then fool the CPU into calling this code instead of the shell, in order to increase the update rate. All of this for a thin slice of Bad Apple over MIDI, but more importantly, for the glory. And this hack is glorious! Go check it out in full.</p> <p>MIDI is entirely hacker friendly, and it’s likely you can hack together a musical controller that would wow your audience just with stuff in your junk box. If you’re at all into music, and you’ve never built your own MIDI devices, <a href="https://hackaday.com/2024/10/20/a-parts-bin-midi-controller-in-24-hours/">you have your weekend project</a>.</p> <p><span id="more-756042"></span></p> <p><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen="" frameborder="0" height="450" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/u6sukVMijBg?feature=oembed" title="Yamaha PSR-E433 Bad Apple demo" width="800"></iframe></p> <p>Thanks [James] for the gonzo tip!</p>

Shellcode over MIDI? Bad Apple on a PSR-E433, Kinda If hacking on consumer hardware is about figu...

hackaday.com/2025/01/23/shellcode-ove...

#Musical #Hacks #Reverse #Engineering #bad #apple #midi #reverse #engineering #shellcode #video

Event Attributes

Shellcode Over MIDI? Bad Apple On A PSR-E433, Kinda <p>If hacking on consumer hardware is about figuring out what it can do, and pushing it in directions that the manufacturer never dared to dream, then this is a very fine hack indeed. [Portasynthica3] takes on the Yamaha PSR-E433, a cheap beginner keyboard, discovers a shell baked into it, and takes it from there.</p> <p>[Portasynthinca3] <a href="https://psi3.ru/blog/swl01u/" target="_blank">reverse engineered the firmware, wrote shellcode for the device, embedded the escape in a MIDI note stream, and even ended up writing some simple LCD driver software totally decent refresh rate on the dot-matrix display</a>, all to support the lofty goal of displaying arbitrary graphics on the keyboard’s dot-matrix character display.</p> <p>Now, we want you to be prepared for a low-res video extravaganza here. You might have to squint a bit to make out what’s going on in the video, but keep in mind that it’s being sent over a music data protocol from the 1980s, running at 31.25 kbps, displayed in the custom character RAM of an LCD.</p> <p>As always, the hack starts with research. Identifying the microcontroller CPU lead to JTAG and OpenOCD. (We love the technique of looking at the draw on a bench power meter to determine if the chip is responding to pause commands.) Dumping the code and tossing it into Ghidra lead to the unexpected discovery that Yamaha had put a live shell in the device that communicates over MIDI, presumably for testing and development purposes. This shell had PEEK and POKE, which meant that OpenOCD could go sit back on the shelf. Poking “Hello World” into some free RAM space over <a href="https://cmtext.indiana.edu/MIDI/chapter3_system_messages.php" target="_blank">MIDI sysex</a> was the first proof-of-concept.</p> <p>The final hack to get video up and running was to dig deep into the custom character-generation RAM, write some code to disable the normal character display, and then fool the CPU into calling this code instead of the shell, in order to increase the update rate. All of this for a thin slice of Bad Apple over MIDI, but more importantly, for the glory. And this hack is glorious! Go check it out in full.</p> <p>MIDI is entirely hacker friendly, and it’s likely you can hack together a musical controller that would wow your audience just with stuff in your junk box. If you’re at all into music, and you’ve never built your own MIDI devices, <a href="https://hackaday.com/2024/10/20/a-parts-bin-midi-controller-in-24-hours/">you have your weekend project</a>.</p> <p><span id="more-756042"></span></p> <p><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen="" frameborder="0" height="450" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/u6sukVMijBg?feature=oembed" title="Yamaha PSR-E433 Bad Apple demo" width="800"></iframe></p> <p>Thanks [James] for the gonzo tip!</p>

Shellcode over MIDI? Bad Apple on a PSR-E433, Kinda If hacking on consumer hardware is about figu...

hackaday.com/2025/01/23/shellcode-ove...

#Musical #Hacks #Reverse #Engineering #bad #apple #midi #reverse #engineering #shellcode #video

Event Attributes

Guide to Creating Linux Reverse Shell Shellcode The article provides a detailed five-step guide for creating reverse shell shellcode in Linux, including code snippets and suggestions for enhancements.

Learn to create reverse shell shellcode in Linux with this comprehensive five-step guide. It includes code snippets and enhancement tips for better functionality. Boost your #cybersecurity skills and understand the mechanics of #threat models. #Linux #shellcode #infosec

World's First MIDI Shellcode | #security #MIDI #shellcode #exploit | psi3.ru/blog/swl01u/

🛠️ Malware that sleeps, works, and never stays! 😴

Learn how Kong Loader uses sleep masks to make malware invisible in memory throughout its execution, offering a new level of stealth and evasion

Join @tijme.bsky.social at #NullconGoa2025

👉 nullcon.net/goa-2025/spe...

#kongloader #shellcode

Creating Windows Shellcode - YouTube This video series will walk you through how to create Windows shellcode! We'll use nasm for our assembler and sclauncher for testing. We'll discuss how to us...

🔥 Ready to learn how to create #windows #shellcode? This member's-only series on #YouTube will walk you through the basics. You'll find series resources 👇

www.thecyberyeti.com/training#win...

And the playlist 👇

youtube.com/playlist?lis...

Omg hacking with shellcode was so damn fun, bravo. Day 8 of #AdventOfCyber done. #tryhackme #shellcode #msfvenom #hacktheplanet

GitHub - psycore8/shencode: A multi purpose tool for shellcode operations A multi purpose tool for shellcode operations. Contribute to psycore8/shencode development by creating an account on GitHub.

I’m excited to introduce Shencode 0.6.0! In this version, I’ve fixed numerous bugs, improved the OOP implementation, and added the new ByteSwap module (see my previous post). Please leave a star if you like the tool!

github.com/psycore8/she...

#Shellcode #GitHub #MalwareDev #RedTeam

We are going live tonight at 5 PM EST.

Tonight's session will demonstrate how to execute shellcode within a C# process without modifying memory permissions and avoiding EDR detection.

More information below.

www.linkedin.com/posts/charle...

truecyber.world

#pentest #redteam #shellcode

ByteSwapper: My polymorphic Shellcode with In-Memory Decoder and detailed explanation of Its functionality:

www.nosociety.de/en:it-securi...

#ShellCode #Malware-Dev #blog

GitHub - psycore8/shencode: A multi purpose tool for shellcode operations A multi purpose tool for shellcode operations. Contribute to psycore8/shencode development by creating an account on GitHub.

I've added a new module, to encrypt shellcode with AES. ShenCode 0.5.1 - Shellcode operations with love!
github.com/psycore8/she...

#shellcode #github #pentest

GitHub - psycore8/shencode: automation script for creating and obfuscating metasploit shellcode automation script for creating and obfuscating metasploit shellcode - psycore8/shencode

ShenCode 0.5.0 - a multi purpose tool for shellcode development github.com/psycore8/she...
#shellcode #github #pentest

Develope a polymorphic shellcode: www.nosociety.de/en:it-securi...
#itsecurity #shellcode

GitHub - psycore8/shencode: automation script for creating and obfuscating metasploit shellcode automation script for creating and obfuscating metasploit shellcode - psycore8/shencode

ShenCode 0.4.0 out now!
#shellcode
github.com/psycore8/she...