mobdk

Pinned Repositories

CloneProcess
Clone running process with ZwCreateProcess
Language:C#57 3 013
CopyCat
Simple rapper for Mimikatz, bypass Defender
Language:C#140 5 123
Core
Core bypass Windows Defender and execute any binary converted to shellcode
Language:C#43 2 05
CoreClass
Mimikatz embedded as classes
Language:C#28 2 06
HideCode
Hide code from dnSpy and other C# spying tools
Language:C#41 2 05
NewShell
Reverse shell without Windows cmd.exe, using ReactOS cmd.dll as shellcode
Language:C++22 2 014
Upsilon
Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
Language:C#92 2 019
WinBoost
Execute Mimikatz with different technique
Language:C#51 1 111
WinSpoof
Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code
Language:C#22 1 04
Zeta
Using "svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc" as trigger
Language:C#58 2 110

mobdk's Repositories

mobdk/CopyCat
Simple rapper for Mimikatz, bypass Defender
Language:C#140 5 123
mobdk/Upsilon
Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
Language:C#92 2 019
mobdk/Zeta
Using "svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc" as trigger
Language:C#58 2 110
mobdk/CloneProcess
Clone running process with ZwCreateProcess
Language:C#57 3 013
mobdk/WinBoost
Execute Mimikatz with different technique
Language:C#51 1 111
mobdk/Core
Core bypass Windows Defender and execute any binary converted to shellcode
Language:C#43 2 05
mobdk/HideCode
Hide code from dnSpy and other C# spying tools
Language:C#41 2 05
mobdk/CoreClass
Mimikatz embedded as classes
Language:C#28 2 06
mobdk/NewShell
Reverse shell without Windows cmd.exe, using ReactOS cmd.dll as shellcode
Language:C++22 2 014
mobdk/WinSpoof
Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code
Language:C#22 1 04
mobdk/Sigma
Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx
Language:C#14 2 24
mobdk/winNoise
Execute embedded Mimikatz
Language:C#13 3 16
mobdk/CallBack
Execute Mimikatz in shellcode format, uses native API VirtualAlloc and EnumSystemGeoID
Language:C#8 1 24
mobdk/zCore
Optimized version, Nt/ZwProtectVirtualMemory has been removed with every syscall.
Language:C#8 1 02
mobdk/FiberShellcodeSyscall
Using syscall when possible, ZwAllocateVirtualMemory, ZwProtectVirtualMemory and ZwWriteVirtualMemory
Language:C#6 2 11
mobdk/Files
Language:HTML6 1 0
mobdk/WinTimer
Wrapper for Mimikatz with delayed execution
Language:C#6 1 11
mobdk/MimiRunner
Run Mimikatz with ReactOS cmd.exe
5 1 02
mobdk/NewShellCS
Execute reverse shell without cmd.exe and uses syscalls from C#
5 1 02
mobdk/RemoteCat
Language:C#5 1 01
mobdk/DLLloaderCS
Load 32bit .DLL payload fra C#
4 1 01
mobdk/Epsilon
In this PoC I am addressing the timer issue that exist in Defender
Language:C#4 1 0
mobdk/APCinjectCS
Simple shellcode injetion with APC and syscalls
3 2 03
mobdk/HijackCS
Hijack your own process or other, use syscall NtWriteVirtualMemory and NtAllocateVirtualMemory to stay undetected
3 1 01
mobdk/Omega
Use syscalls ZwCreateSection and ZwMapViewOfSection and GetDelegateForFunctionPointer
3 1 01
mobdk/TCPClientReverseShellCS
C# reverse shell using TCPClient
3 1 02
mobdk/InstallutilInject
Execute .dll with MS InstallUtil.exe
Language:C#2 2 01
mobdk/ProcessFinder
Find process and startup arguments with syscalls
Language:C#2 1 01
mobdk/DllHijackCS
.DLL based hijack
1 1 01
mobdk/FiberShellcode
Execute shellcode with Fiber
1 1 01