15 रिपॉजिटरी
Mechanisms for executing custom machine code within target processes to override internal functions.
Distinct from Inline Assembly Interfaces: None of the candidates relate to runtime binary code injection; this is a systems programming capability.
Explore 15 awesome GitHub repositories matching operating systems & systems programming · Assembly Injection Interfaces. Refine with filters or upvote what's useful.
Cheat Engine is a software reverse engineering suite and memory editor designed for the Windows environment. It functions as a comprehensive platform for inspecting, analyzing, and modifying the internal logic and data structures of running applications. The tool provides capabilities for real-time memory scanning and manipulation, allowing users to locate and alter specific values within a process's address space. It distinguishes itself through advanced debugging features, including hardware-assisted debugging, kernel-mode driver injection for bypassing memory protections, and dynamic binar
Executes custom machine code within a target process to modify internal logic and override existing functions.
Pwntools is a Python-based framework designed for rapid prototyping and automation in binary exploitation, reverse engineering, and security research. It serves as a comprehensive toolkit for interacting with local and remote processes, providing the primitives necessary to manage complex exploit workflows and streamline security analysis tasks. The framework distinguishes itself through its specialized capabilities for binary manipulation and automated exploit construction. It includes dedicated utilities for parsing executable file formats, assembling and disassembling machine code, and gen
Generates architecture-specific shellcode and machine code for exploit payload construction.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Retrieves shellcode from DNS records and executes it in memory to bypass disk-based detection.
BepInEx is a Unity game modding framework that enables the injection of custom C# code and external assemblies into running processes without modifying original binaries. It provides a plugin loader and a dependency resolution engine to ensure that external modules are initialized in the correct order based on defined metadata requirements. The framework includes a centralized plugin configuration system for storing and editing custom settings via files and interactive inputs. It also features a runtime object inspector for browsing and debugging active game objects and components within a Un
Implements the ability to load external .NET assemblies into a running process to override game logic.
CppGuide is a curated collection of educational resources and practical guides focused on C++ server development, Linux kernel internals, concurrent programming, network protocols, and security exploitation. It provides structured learning paths for backend developers, covering everything from interview preparation to building high-performance network servers and understanding operating system fundamentals. The guide distinguishes itself by offering in-depth, hands-on tutorials that walk through real-world implementations, including building a Redis-like server from scratch, designing custom
Provides hands-on tutorials for creating trojans by infecting executables, a core security exploitation topic.
Merlin एक क्रॉस-प्लेटफॉर्म कमांड एंड कंट्रोल फ्रेमवर्क और रिमोट एक्सेस टूल है। यह पोस्ट-एक्सप्लॉइटेशन समन्वय के लिए एक सर्वर और एजेंट सिस्टम प्रदान करता है, जो सुरक्षित संचार और कई ऑपरेटिंग सिस्टम पर कमांड निष्पादित करने के लिए HTTP/2 फ्रेमवर्क का उपयोग करता है। इस प्रोजेक्ट में एक इन-मेमोरी कोड निष्पादन इंजन है जो डिस्क पर फाइलें लिखे बिना सीधे प्रोसेस के भीतर असेंबली और शेलकोड चलाता है। यह पीयर-टू-पीयर नेटवर्क के माध्यम से एक विकेंद्रीकृत संचार आर्किटेक्चर लागू करता है, जिससे एजेंट डायरेक्ट बाइंड या रिवर्स कनेक्शन के माध्यम से डेटा का आदान-प्रदान कर सकते हैं। डिटेक्शन से बचने के लिए, फ्रेमवर्क में ट्रैफिक ऑब्फस्केशन टूल्स शामिल हैं जो TLS फिंगरप्रिंट को संशोधित करते हैं और संचार पैटर्न को छिपाने के लिए कॉन्फ़िगर करने योग्य पैकेट पैडिंग जोड़ते हैं। सुरक्षा को एन्क्रिप्टेड एजेंट संचार, सिमेट्रिक ट्रैफिक एन्क्रिप्शन और आइडेंटिटी वैलिडेशन के लिए एसिमेट्रिक क्रिप्टोग्राफिक हैंडशेक के माध्यम से मैनेज किया जाता है। सिस्टम कमांड लाइन इंटरफेस के माध्यम से मल्टी-यूज़र एक्सेस समन्वय का समर्थन करता है, जो रेड टीम इंफ्रास्ट्रक्चर के भीतर वितरित एजेंटों के प्रबंधन को सक्षम बनाता है।
Implements shellcode execution via asynchronous procedure calls to evade detection.
Donut is a toolset for loading and executing payloads in memory, featuring a position-independent shellcode generator, an in-memory payload injector, and a .NET assembly loader. It is designed to convert executable files and scripts into shellcode that can be executed within the memory space of a remote process without writing files to disk. The project specializes in security evasion through memory-based patching and payload obfuscation using symmetric block ciphers and compression. It includes a remote payload stager to retrieve encrypted modules from HTTP or DNS servers during runtime, red
Converts executables and scripts into position-independent shellcode for in-memory execution without file system access.
यह प्रोजेक्ट एक आक्रामक सुरक्षा टूलकिट और डेवलपमेंट फ्रेमवर्क है जिसे मेमोरी-सुरक्षित मैलवेयर, नेटवर्क स्कैनर और पेलोड जनरेटर बनाने के लिए डिज़ाइन किया गया है। यह कारनामे (exploits), शेलकोड और रिमोट एक्सेस टूल्स विकसित करने के लिए एक संरचित दृष्टिकोण प्रदान करता है। यह फ्रेमवर्क न्यूनतम स्टैंडअलोन मशीन कोड और शेलकोड उत्पन्न करने के लिए नो-स्टैंडर्ड-लाइब्रेरी वातावरण के उपयोग के माध्यम से खुद को अलग करता है। यह सोशल इंजीनियरिंग में उपयोग किए जाने वाले भ्रामक वेब इंटरफेस बनाने के लिए उच्च-प्रदर्शन तर्क को WebAssembly में संकलित करने का भी समर्थन करता है। क्षमता क्षेत्रों में फ़ज़िंग के माध्यम से स्वचालित भेद्यता खोज, मल्टी-थ्रेडेड और एसिंक्रोनस नेटवर्क सतह मैपिंग, और स्व-प्रसारित वर्म्स का विकास शामिल है। टूलकिट में रिमोट इम्प्लांट्स और कमांड सर्वर के बीच ट्रैफ़िक को सुरक्षित करने के लिए एंड-टू-एंड एन्क्रिप्टेड संचार चैनलों के कार्यान्वयन, साथ ही कई ऑपरेटिंग सिस्टम के लिए क्रॉस-प्लेटफ़ॉर्म बाइनरी संकलन भी शामिल है।
Produces architecture-specific machine code payloads for security exploitation without standard library dependencies.
EQGRP is a remote access trojan framework and post-exploitation toolkit. It provides a centralized command and control infrastructure for deploying persistent implants and managing remote agents across diverse operating systems. The project includes tools for digital forensic evasion, such as modifying system logs and filesystem timestamps to remove execution traces. It features a network interception system for capturing and reconstructing data streams by hooking into the system root, as well as exploits designed for kernel privilege escalation to elevate process permissions to administrativ
Obscures and compresses payload code to bypass security scanners and fit within specific memory limits.
Veil is a payload generation framework and a suite of tools designed to automate the creation of obfuscated binaries and encoded shellcode. It functions as an anti-virus evasion tool that transforms binary code to bypass security scanners and endpoint detection software. The framework utilizes multi-language payload generation, employing various programming language compilers to create executables that evade signature-based detection. It includes an evasive shellcode encoder to remove forbidden characters and apply obfuscation techniques to hide payload logic. The project covers the generati
Produces executable files by combining shellcode with language-specific wrappers for direct system execution.
MelonLoader is a game engine plugin loader designed to inject custom code and load external plugins into Unity games. It functions as a modding framework that supports both Mono and Il2Cpp runtimes, allowing for the modification of games across different backend architectures. The project enables the patching and hooking of functions within Unity games, specifically providing a system for managing C# assemblies in Mono environments and a framework for patching the Interop C++ backend used by Il2Cpp. The system handles the interception of the application boot process to load third-party mods
Implements the injection of .NET assemblies into running processes to extend game functionality.
Unicorn is a collection of utilities for generating malicious HTA files, VBA macros, encoded PowerShell commands, and memory-resident shellcode injection frameworks. It provides tools to create payloads designed to achieve remote code execution by bypassing security controls. The project focuses on weaponizing office documents through VBA macros and formulas, generating HTA attack vectors, and creating encoded PowerShell payloads. It includes a shellcode injection framework to wrap external shellcode for direct execution in system memory. The toolkit covers binary-to-base64 conversion for ce
Parses formatted shellcode exports to wrap them into injection commands for direct execution in memory.
OffensiveNim is a red teaming framework and post-exploitation toolkit developed in Nim. It provides a collection of low-level primitives and a Windows API wrapper designed for offensive security operations, including malware development and shellcode loading. The project focuses on evasion and obfuscation through techniques such as API unhooking, direct system calls, and anti-debugging mechanisms. It features diverse payload delivery methods, including reflective binary loading, the execution of .NET assemblies via CLR hosting, and various shellcode injection techniques using fibers, COM obje
Provides the ability to allocate executable memory and inject shellcode into the current process.
OffensiveRust is a red team toolkit and malware development kit written in Rust. It serves as an evasion framework and post-exploitation library, providing a collection of offensive security primitives and a Windows API wrapper for interacting with low-level system functions and undocumented APIs. The project focuses on bypassing security software through direct system calls, memory obfuscation, and stealthy payload execution. It implements techniques to defeat static binary analysis via compile-time string encryption and payload obfuscation, while avoiding detection using parent process ID s
Converts binary payloads into UUID strings to load them into heap memory via system callbacks.
Phantom-Evasion is a security research framework designed for generating obfuscated payloads and automating post-exploitation tasks during authorized security assessments. It provides a suite of utilities for creating custom executables and libraries intended to test the effectiveness of antivirus and endpoint security detection systems. The framework distinguishes itself through a focus on memory-resident operations, allowing for the execution of encrypted binaries and shellcode directly within system memory. By utilizing techniques such as junk code injection, payload encryption, and remote
Performs process shellcode injection by executing custom shellcode within local or remote processes using memory allocation and execution techniques.