mobdk

Pinned Repositories

CloneProcess
Clone running process with ZwCreateProcess
Language:C#58 3 013
CopyCat
Simple rapper for Mimikatz, bypass Defender
Language:C#139 5 123
Core
Core bypass Windows Defender and execute any binary converted to shellcode
Language:C#43 2 06
CoreClass
Mimikatz embedded as classes
Language:C#28 2 06
HideCode
Hide code from dnSpy and other C# spying tools
Language:C#40 2 06
NewShell
Reverse shell without Windows cmd.exe, using ReactOS cmd.dll as shellcode
Language:C++21 2 013
Upsilon
Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
Language:C#92 2 020
WinBoost
Execute Mimikatz with different technique
Language:C#50 1 110
WinSpoof
Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code
Language:C#21 1 04
Zeta
Using "svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc" as trigger
Language:C#56 2 110

mobdk's Repositories

mobdk/LoadDLLFromFileAndConvertToShellcode
Load DLL or EXE file and convert to shellcode at runtime
83
mobdk/ExecuteShellcodeWithSyscalls
Execute shellcode with syscalls from C# .dll
122
mobdk/ProtectingCodeWith-MITIGATION_POLICY
Protect your code with a mitigation policy that prevent non Microsoft signed code to inject for inspection
2
mobdk/ObfuscateTest
Obfuscate C# source code, so the relationship between the definition and the function call, cannot be detected (not at runtime)
51
mobdk/CSharpInlineAssembly
Execute inline assembly from C#
32
mobdk/InjectShellcodeWithAPC
Simple yet effective shellcode injection with QueueUserAPC
52
mobdk/ShellcodeAndSvchost
Inject your shellcode into svchost
32
mobdk/CSharpPowershellRunspace
Inject 64 bit .dll from CSharp and Powershell runspace
3
mobdk/ClassAsShellcode
This PoC uses C# Class name as shellcode
3
mobdk/compilecs
Use build-in compiler csc.exe and other tools to insert entrypoint
83
mobdk/Shellcode
Alternative version
2
mobdk/SVCHOSTEXE
Execute shellcode with svchost.exe -k LocalSystemNetworkResticted
3
mobdk/SimpleCodeExecution
Execute tasks.dll with minimum of code
1
mobdk/TriggerExecutionTasks
Trigger execution of tasks.dll from C# calling embedded JavaScript
2
mobdk/VBAShellCodeCallFuncInDLL
2
mobdk/ExecuteVBAwithRtlMoveMemory
Execute your VBA macro with RtlMoveMemory only
3
mobdk/WordVBAPayload
Create Word VBA payload that self-destruction at runtime
Language:VBA3
mobdk/VBA-DLL-WMI-EXECUTION
Call your own DLL from VBA and execute code under process svchost.exe with WMI
Language:C#125
mobdk/BinBAT
Create payload that is both binary and batch file at the same time (Windows)
11