Alternative Shellcode Execution Via Callbacks

Overview

Alternative Code Execution

This is gaining more popularity than expected, so I just wanted to give a shoutout to alfarom256 for informing me about callback functions and showing me the CreateThreadPoolWait technique. I also wanted to give a shoutout to ch3rn0byl for encouraging me to get this project going.

According to Microsoft, a callback function is code within a managed application that helps an unmanaged DLL function complete a task. Calls to a callback function pass indirectly from a managed application, through a DLL function, and back to the managed implementation. This repository contains a list of callback functions that can be used to execute position-independent shellcode, so that CreateThread would be a thing of the past :P.

anthemtotheego 402 Dec 26, 2022