Code for BattlEye's shellcode

Overview

BE-Shellcode

  • Exception handler that checks for return addresses that match report criteria
  • Finds hidden system threads by checking the kernel time delta
  • Detects hooks that want to catch exceptions (KiUserExceptionDispatcher)
  • Detects blacklisted DLLs (plus checks for imports etc.) and blacklisted drivers
  • Checks the integrity of important functions
  • Checks all threads in the local process and finds RIPs that match report criteria
  • Finds blacklisted signatures

Issues
  • how to use this shellcode?

    Hi, how to use this shellcode? Is this a BattlEye bypass? If I wanna inject a DLL to PC PUBG, how can I do that? Please help, thanks! Can I have your Discord?

    opened by Carl-Xiao128 1
Owner: Student
Building and Executing Position Independent Shellcode from Object Files in Memory

PIC-Privileges Building and Executing Position Independent Shellcode from Object Files in Memory. This is a pingback to the blogpost I wrote at https:

Paranoid Ninja 75 Jun 23, 2022
Manual map shellcode (aka byte array) injector

ShellJector This little tool can download DLL from the internet and inject it as shellcode (aka byte array) into process with manual map injection. Th

Александр Вольф 16 May 24, 2022
Matryoshka loader is a tool that red team operators can leverage to generate shellcode for Microsoft Office document phishing payloads.

Overview Matryoshka loader is a tool that red team operators can leverage to generate shellcode for an egghunter to bypass size-limitations and perfor

Praetorian 24 Jun 26, 2022
A shellcode crypto-packing tool for PoC (used with msfvenom payloads)

crypter A shellcode crypto-packing tool for PoC (used with msfvenom/binary payloads) This tool is for proof of concept only - please use responsibly.

ripmeep 11 May 30, 2022
A Simple tool to execute shellcode with the ability to detect mouse movement

Noobi A Simple tool to execute shellcode with the ability to detect mouse movement Features: Sandbox evasion through detecting mouse movement and chec

null 10 Feb 20, 2022
Evasive shellcode loader for bypassing event-based injection detection (PoC)

(cleaned up version here: https://github.com/xinbailu/DripLoader-Ops) DripLoader (PoC) Evasive shellcode loader for bypassing event-based injection de

Filip Olszak 502 Jun 18, 2022
Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.

Cobalt Strike "Where Am I?" Beacon Object File Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environmen

Bobby Cooke 86 Jun 15, 2022
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.

Thread Stack Spoofing PoC A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to byp

Mariusz B. 610 Jun 27, 2022
Undetectable Loader for Cobalt Strike Using Syscalls And A External Shellcode

Hellsgate Undetectable Loader for Cobalt Strike Using Syscalls And A External Shellcode Features: Using Syscalls from Hellsgate tech loading the shell

JUICY 21 Nov 5, 2021
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!

Ninja UUID Shellcode Runner Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10! Now supports running Cobalt

Bobby Cooke 314 Jun 15, 2022
POC tool to convert CobaltStrike BOF files to raw shellcode

BOF2Shellcode POC tool to convert a Cobalt Strike BOF into raw shellcode. Introduction This code was written as part of a blog tutorial on how to conv

FalconForce 51 Jun 7, 2022
x86 Assembler used for generating shellcode

Intel x86 assembler [email protected] syntax: Decimal “integers begin with a non-zero digit followed by zero or more decimal digits (0–9)” B

thescientist 3 Mar 14, 2022
A Windows user-mode shellcode execution tool that demonstrates various techniques that malware uses

Jektor Toolkit v1.0 This utility focuses on shellcode injection techniques to demonstrate methods that malware may use to execute shellcode on a victi

null 96 Jun 15, 2022
Shellcode loader written in rust. Strives to evade modern EDR solutions.

Pestilence What is pestilence? Pestilence is a shellcode loader written in rust. It strives to evade modern EDR solutions. How does it work? It loads

Daniil Nababkin 20 Jun 16, 2022
Evasive shellcode loader for bypassing event-based injection detection (PoC)

DripLoader (PoC) Evasive shellcode loader for bypassing event-based injection detection, without necessarily suppressing event collection. The project

Filip Olszak 502 Jun 18, 2022
SysWhispers Shellcode Loader (Work in Progress)

Shhhloader Shhhloader is a SysWhispers Shellcode Loader that is currently a Work in Progress. It takes raw shellcode as input and compiles a C++ stub

icyguider 351 Jun 25, 2022
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents

Shellcode Fluctuation PoC A PoC implementation for an another in-memory evasion technique that cyclically encrypts and decrypts shellcode's contents t

Mariusz Banach 501 Jun 22, 2022
Laplace is an external runtime shellcode launcher/stub under development by a self-taught developer, for the Medusa spyware.

Laplace - Shellcode-launcher Laplace is an external runtime shellcode launcher/stub under development by a self-taught developer, for the Medusa spyware. How

Tolaju 5 Mar 7, 2022