The method that this tool uses is a simple one that opens a location in its address space with a call to VirtualAlloc with permissions of read, write, and execute. VirualAlloc is a Windows specific ...

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Buffer overflowを用いて、shellcodeを実行するとき、一つのgadgetだけを用いて、shellの実行ができるものを意味する。今回は、このone gadgetを用いて実際のshellを得るまでの流れを考える。 まず、以下のような脆弱性があるプログラムがあるとする。 このプログラム ...

This program executes any shellcode that you give it. Can you spawn a shell and use that to read the flag.txt? You can find the program in /problems/handy-shellcode_3 ...

Exploits the Asynchronous Procedure Call (APC) technique to execute malicious code within target processes. Contributions are welcome! If you have improvements or additional techniques to add, please ...

Researchers have discovered a new ransomware variant that they say has significantly different behavior and characteristics than most other ransomware types. The ransomware, called PwndLocker, was ...

Welcome to the MemoryExec-Shellcode-Loader repository. This tool helps you run encrypted shellcode on Windows. Follow these steps to download and use the tool effectively. MemoryExec-Shellcode-Loader ...