Loading a remote AES-encrypted PE into memory, decrypting it and running it
Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique
fireELF - Fileless Linux Malware Framework
FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
Translation - Ring 3 rootkit with a single-file installer and fileless persistence that hides processes, files, network connections, etc.
Fileless attack with persistence
Execute ELF files without dropping them on disk
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
Stealth dropper executing remote binaries without dropping them on disk (HTTP3 support, ICMP support, invisible tracks, cross-platform, ...)
Fileless web browser information extraction
Shellcode Loader Implementing Indirect Dynamic Syscall, API Hashing, Fileless Shellcode retrieving using Winsock2
LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
Different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)
This repo contains: simple shellcode Loader, Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp, socket)
WarSQLKit is a fileless rootkit and attack tool I developed for MS-SQL. With this tool you can rootkit the SQL service that uses CLR on MS-SQL servers. Thus, malicious code can be executed in the proc...