Security Boulevard

APT37 Adds New Capabilities for Air-Gapped Networks

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...
Computerworld

Injecting shellcode into processes with Syringe

The method that this tool uses is a simple one that opens a location in its address space with a call to VirtualAlloc with permissions of read, write, and execute. VirualAlloc is a Windows specific ...
GitHub

MemoryExec-Shellcode-Loader - Load Encrypted Shellcode Easily

Welcome to the MemoryExec-Shellcode-Loader repository. This tool helps you run encrypted shellcode on Windows. Follow these steps to download and use the tool effectively. MemoryExec-Shellcode-Loader ...
Microsoft

Exploit:Win32/ShellCode.gen!D

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft ...
Dark Reading

New Ransomware Variant Developed Entirely as Shellcode

Researchers have discovered a new ransomware variant that they say has significantly different behavior and characteristics than most other ransomware types. The ransomware, called PwndLocker, was ...
GitHub

dmore/InflativeLoading-red-convert-native-exe-to-PIC-shellcode

Only a few bytes in the PE header, such as e_lfanew, RVA of Import Directory, are essential to complete the loading process. Therefore, other bytes can be overwritten with random ones to hide PE ...