GitHub

AV bypass using my shellcode loader 'Invoke-PoSH-ShellCodeLoader1

'Invoke-PoSH-ShellCodeLoader' is a shellcode loader script generator that aims to bypass AV solutions such as Windows Defender. It generates an obfuscated and encrypted shellcode loader PowerShell ...
IEEE

Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits

Abstract: Developing a remote exploit is not easy. It requires a comprehensive understanding of a vulnerability and delicate techniques to bypass defense mechanisms. As a result, attackers may prefer ...
Security Boulevard

CVE-2025-50165: Critical Flaw in Windows Graphics Component

IntroductionIn May 2025, Zscaler ThreatLabz discovered CVE-2025-50165, a critical remote code execution (RCE) vulnerability with a CVSS score of 9.8 that impacts the Windows Graphics Component. The ...
GitHub

Example of run-time manual PLT in C.

TL;DR: Write a C program that calls libc functions, compile it to a shellcode, load it in memory. Featuring function scraping from ELF as "procedure linkage", code & compilation tricks, and more. If ...
Microsoft

Office VBA + AMSI: Parting the veil on malicious macros

As part of our continued efforts to tackle entire classes of threats, Office 365 client applications now integrate with Antimalware Scan Interface (AMSI), enabling antivirus and other security ...
Dark Reading

Breaking Down the PROPagate Code Injection Attack

Attackers have a new way to sneak malicious code into benign processes. It is called PROPagate, and it is a stealthy code injection technique that is now being used in a growing number of attacks.
Microsoft

Shellcode Analysis via MSEC Debugger Extensions

In a previous post we provided some background on the !exploitable Crash Analyzer which was released earlier this year. One of the things that we didn’t mention is that !exploitable is just one of the ...