mobdk

Pinned Repositories

CloneProcess
Clone running process with ZwCreateProcess
Language:C#57 3 013
CopyCat
Simple rapper for Mimikatz, bypass Defender
Language:C#139 5 123
Core
Core bypass Windows Defender and execute any binary converted to shellcode
Language:C#42 2 06
CoreClass
Mimikatz embedded as classes
Language:C#28 2 06
HideCode
Hide code from dnSpy and other C# spying tools
Language:C#38 2 06
NewShell
Reverse shell without Windows cmd.exe, using ReactOS cmd.dll as shellcode
Language:C++21 2 013
Upsilon
Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
Language:C#94 2 020
WinBoost
Execute Mimikatz with different technique
Language:C#50 1 110
WinSpoof
Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code
Language:C#19 1 04
Zeta
Using "svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc" as trigger
Language:C#54 2 110

mobdk's Repositories

mobdk/CopyCat
Simple rapper for Mimikatz, bypass Defender
Language:C#139 5 123
mobdk/Upsilon
Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
Language:C#94 2 020
mobdk/CloneProcess
Clone running process with ZwCreateProcess
Language:C#57 3 013
mobdk/Zeta
Using "svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc" as trigger
Language:C#54 2 110
mobdk/WinBoost
Execute Mimikatz with different technique
Language:C#50 1 110
mobdk/Core
Core bypass Windows Defender and execute any binary converted to shellcode
Language:C#42 2 06
mobdk/HideCode
Hide code from dnSpy and other C# spying tools
Language:C#38 2 06
mobdk/CoreClass
Mimikatz embedded as classes
Language:C#28 2 06
mobdk/NewShell
Reverse shell without Windows cmd.exe, using ReactOS cmd.dll as shellcode
Language:C++21 2 013
mobdk/WinSpoof
Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code
Language:C#19 1 04
mobdk/Sigma
Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx
Language:C#14 1 24
mobdk/winNoise
Execute embedded Mimikatz
Language:C#13 3 15
mobdk/CallBack
Execute Mimikatz in shellcode format, uses native API VirtualAlloc and EnumSystemGeoID
Language:C#8 1 24
mobdk/zCore
Optimized version, Nt/ZwProtectVirtualMemory has been removed with every syscall.
Language:C#8 1 01
mobdk/WinTimer
Wrapper for Mimikatz with delayed execution
Language:C#7 1 0
mobdk/FiberShellcodeSyscall
Using syscall when possible, ZwAllocateVirtualMemory, ZwProtectVirtualMemory and ZwWriteVirtualMemory
Language:C#6 2 11
mobdk/Files
Language:HTML6 1 0
mobdk/NewShellCS
Execute reverse shell without cmd.exe and uses syscalls from C#
5 1 02
mobdk/RemoteCat
Language:C#51
mobdk/DLLloaderCS
Load 32bit .DLL payload fra C#
4 1 01
mobdk/MimiRunner
Run Mimikatz with ReactOS cmd.exe
4 1 01
mobdk/TCPClientReverseShellCS
C# reverse shell using TCPClient
4 1 02
mobdk/APCinjectCS
Simple shellcode injetion with APC and syscalls
33
mobdk/Epsilon
In this PoC I am addressing the timer issue that exist in Defender
Language:C#3 1 0
mobdk/HijackCS
Hijack your own process or other, use syscall NtWriteVirtualMemory and NtAllocateVirtualMemory to stay undetected
3 1 01
mobdk/Omega
Use syscalls ZwCreateSection and ZwMapViewOfSection and GetDelegateForFunctionPointer
3 1 0
mobdk/InstallutilInject
Execute .dll with MS InstallUtil.exe
Language:C#21
mobdk/ProcessFinder
Find process and startup arguments with syscalls
Language:C#2 1 01
mobdk/DllHijackCS
.DLL based hijack
1 1 01
mobdk/FiberShellcode
Execute shellcode with Fiber
1 1 01