{"id":13842131,"url":"https://github.com/alphaSeclab/shellcode-resources","last_synced_at":"2025-07-11T14:30:38.713Z","repository":{"id":111962738,"uuid":"247890959","full_name":"alphaSeclab/shellcode-resources","owner":"alphaSeclab","description":"Resources About Shellcode","archived":false,"fork":false,"pushed_at":"2020-03-17T05:58:48.000Z","size":61,"stargazers_count":208,"open_issues_count":0,"forks_count":59,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-11-15T08:04:49.864Z","etag":null,"topics":["shellcode","shellcode-analysis","shellcode-convert","shellcode-decode","shellcode-development","shellcode-encode","shellcode-execute","shellcode-injection","shellcode-loader"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alphaSeclab.png","metadata":{"files":{"readme":"Readme.md","changelog":"history/Shellcode_20200317135420.json","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-03-17T05:57:22.000Z","updated_at":"2024-11-03T15:46:54.000Z","dependencies_parsed_at":"2023-04-20T04:04:39.654Z","dependency_job_id":null,"html_url":"https://github.com/alphaSeclab/shellcode-resources","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Fshellcode-resources","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Fshellcode-resources/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Fshellcode-resources/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/alphaSeclab%2Fshellcode-resources/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alphaSeclab","download_url":"https://codeload.github.com/alphaSeclab/shellcode-resources/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225729851,"owners_count":17515177,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["shellcode","shellcode-analysis","shellcode-convert","shellcode-decode","shellcode-development","shellcode-encode","shellcode-execute","shellcode-injection","shellcode-loader"],"created_at":"2024-08-04T17:01:27.789Z","updated_at":"2024-11-21T12:30:54.670Z","avatar_url":"https://github.com/alphaSeclab.png","language":null,"readme":"# [All Collection Projects](https://github.com/alphaSeclab/all-my-collection-repos)\n\n\n\n\n# Shellcode\n\n\n- Shellcode-related resources: 150+ tools, 500+ articles\n- [English Version](https://github.com/alphaSeclab/shellcode-resources/blob/master/Readme_en.md)\n\n\n# Table of Contents\n- [Development\u0026\u0026Writing](#046354d96bbc65ade966dc83ff7fe8ef)\n    - [shellen](#5489b8896792ff75d1e0971597d5829b) -\u003e  [(1) Tools](#7a69f4fc97964348552acb7c8472f1ab) [(2) Articles](#e5dc2d01e8279adf30d34066b8c61aaf)\n    - [Exploit Development](#4f71b3d96ccbb4433cd9582bf6b3b49c) -\u003e  [(1) Tools](#1578f4dee1f7b9340b7923d72e67ca75) [(13) Articles](#76612bdb96657fd5e6c663f76b738619)\n    - [Encoding\u0026\u0026Decoding](#4137b4aa2b9562fbad4010b40c93c0b8) -\u003e  [(9) Tools](#3ab819169565fb2ac49e4a7285b217fd) [(14) Articles](#1d15b6ffe1202baecee2e63ceb01261c)\n    - [(9) Tools](#2aad113ca8fd8b2ce5278b3c73afb637)\n    - [(56) Articles](#ba82bf5ca275733d09434861aa4becf5)\n- 
[Launch\u0026\u0026Load\u0026\u0026Inject\u0026\u0026Execute](#b79d65effe22d7dfa216cdfaaede7abd)\n    - [Injection](#c8f7f9913bbf6ca9ad62b2924a81c5a1) -\u003e  [(13) Tools](#270623a2c94dd2e4a342f46262ee8ae1) [(34) Articles](#f67fc5d20ddff852419d63d094cb17ba)\n    - [Execution](#4ad7253b703db90d80efccc99da781e5) -\u003e  [(1) Tools](#b84580eec0d446e20ed9c774946f9325) [(23) Articles](#9cdbcec9e7e4bf040fe9802dc4e1225b)\n    - [(22) Tools](#2c78519e8cf84e3863d4c2374ead132f)\n    - [(6) Articles](#4f9e0536cd4c8b6d7e3597c5c9315df5)\n- [Generation](#c86cc38af95f4ccbc3d082b3883af702) -\u003e  [(16) Tools](#20753578295f405b2fee3ae5659ee214) [(24) Articles](#102a321d8be34fab263fe0559145b36c)\n- [Conversion](#4d515d3e53e9e4ae1f09bd9f4afc5b5a) -\u003e  [(11) Tools](#eb5e32922251dc76e85ed094adbcacd9) [(3) Articles](#1d87c2031d25482e324e0b3158e46806)\n- [Analysis](#9a0361c824e96f82eaec8829d14cf080)\n    - [Vulnerabilities](#115b4bfacc38bd2fc9b7fa303b5c58ab) -\u003e \n    - [(5) Tools](#b636936039c6751d5e736ca2e52c8e1a)\n    - [(53) Articles](#ae3243cf65f334dd979b7709d6d745d3)\n- [BypassXxx](#2783a12f735d75d4d9dd34aade4e27fd)\n    - [AV](#68671811bf65fa44f770f9b7bf35edba) -\u003e  [(5) Tools](#501a34037beb98f8db25e453dc8c6178) [(9) Articles](#e4f187de8742002a534b4140989904a4)\n    - [(5) Tools](#8c1f3c12de652e3cb2e2d92d28d762d8)\n    - [(12) Articles](#fa01326b5bfe12e5417c0f4d30146245)\n- [ARM](#82f62a71fbfb0aec18860663d4de5ec2) -\u003e  [(2) Tools](#9ebdbbcde063e2fd71a1f9fef001315a) [(9) Articles](#c7014efbebcc4831883c878a9c4b1736)\n- [Other](#bfaa9390189b5c4ab46ca5631adf3453)\n    - [Tools](#16001cb2fae35b722deaa3b9a8e5f4d5)\n        - [(1) Collections](#714ed53324dd30fc14a3ca7c02b9fc1c)\n        - [(64) Recently Added](#98d70f3829393b5da364689bc902bab0)\n        - [(6) Other](#d342759bd2543421de29133d9b376df8)\n    - [Articles](#7d2b1d324dbfb20c3c6da343e9443a5c)\n        - [(262) Recently Added](#596105c2fa0590982160279ebd1b1eac)\n\n\n# \u003ca id=\"046354d96bbc65ade966dc83ff7fe8ef\"\u003e\u003c/a\u003eDevelopment\u0026\u0026Writing\n\n\n***\n\n\n## \u003ca id=\"5489b8896792ff75d1e0971597d5829b\"\u003e\u003c/a\u003eshellen\n\n\n### \u003ca 
id=\"7a69f4fc97964348552acb7c8472f1ab\"\u003e\u003c/a\u003eTools\n\n\n- [**706** stars][1y] [Py] [merrychap/shellen](https://github.com/merrychap/shellen) Interactive shellcode development environment\n\n\n### \u003ca id=\"e5dc2d01e8279adf30d34066b8c61aaf\"\u003e\u003c/a\u003eArticles\n\n\n- 2018.03 [freebuf] [Shellen: an interactive shellcode development environment](http://www.freebuf.com/sectool/164387.html)\n- 2018.02 [pediy] [[Translation] Shellen - an interactive shellcode development environment](https://bbs.pediy.com/thread-224810.htm)\n\n\n\n\n***\n\n\n## \u003ca id=\"4f71b3d96ccbb4433cd9582bf6b3b49c\"\u003e\u003c/a\u003eExploit Development\n\n\n### \u003ca id=\"1578f4dee1f7b9340b7923d72e67ca75\"\u003e\u003c/a\u003eTools\n\n\n- [**8** stars][4y] [Py] [sectool/python-shellcode-buffer-overflow](https://github.com/sectool/Python-Shellcode-Buffer-Overflow) Shellcode / Buffer Overflow\n\n\n### \u003ca id=\"76612bdb96657fd5e6c663f76b738619\"\u003e\u003c/a\u003eArticles\n\n\n- 2018.04 [pediy] [[Translation] Windows Exploit Development - Part 4: Locating Shellcode With Jumps](https://bbs.pediy.com/thread-225847.htm)\n- 2017.09 [shogunlab] [Zero Day Zen Garden: Windows Exploit Development - Part 3 [Egghunter to Locate Shellcode]](https://www.shogunlab.com/blog/2017/09/02/zdzg-windows-exploit-3.html)\n- 2017.08 [shogunlab] [Zero Day Zen Garden: Windows Exploit Development - Part 2 [JMP to Locate Shellcode]](https://www.shogunlab.com/blog/2017/08/26/zdzg-windows-exploit-2.html)\n- 2017.05 [abatchy] [Exploit Dev 101: Jumping to Shellcode](http://www.abatchy.com/2017/05/jumping-to-shellcode.html)\n- 2016.06 [digitaloperatives] [Exploiting Weak Shellcode Hashes to Thwart Module Discovery; or, Go Home, Malware, You’re Drunk!](https://www.digitaloperatives.com/2016/06/23/exploiting-weak-shellcode-hashes/)\n- 2016.01 [pediy] [[Translation] Windows Exploit Development Tutorial Series Part 6: Writing WIN32 Shellcode](https://bbs.pediy.com/thread-207096.htm)\n- 2016.01 [pediy] [[Translation] Exploit Development Tutorial Chapter 6 - Shellcode](https://bbs.pediy.com/thread-206946.htm)\n- 2015.08 [ly0n] [Avoiding badchars \u0026 small buffers with custom shellcode – OdinSecureFTPclient SEH 
exploit](http://ly0n.me/2015/08/10/avoiding-badchars-small-buffers-with-custom-shellcode-odinsecureftpclient-seh-exploit/)\n- 2015.08 [ly0n] [Avoiding badchars \u0026 small buffers with custom shellcode – OdinSecureFTPclient SEH exploit](https://paumunoz.tech/2015/08/10/avoiding-badchars-small-buffers-with-custom-shellcode-odinsecureftpclient-seh-exploit/)\n- 2014.03 [beefproject] [Exploiting with BeEF Bind shellcode](http://blog.beefproject.com/2014/03/exploiting-with-beef-bind-shellcode_19.html)\n- 2014.01 [securitysift] [Windows Exploit Development – Part 5: Locating Shellcode With Egghunting](https://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting/)\n- 2013.12 [securitysift] [Windows Exploit Development – Part 4: Locating Shellcode With Jumps](https://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/)\n- 2008.01 [pediy] [[Original] Shellcode construction and breakthrough for exploit_me_A](https://bbs.pediy.com/thread-57561.htm)\n\n\n\n\n***\n\n\n## \u003ca id=\"4137b4aa2b9562fbad4010b40c93c0b8\"\u003e\u003c/a\u003eEncoding\u0026\u0026Decoding\n\n\n### \u003ca id=\"3ab819169565fb2ac49e4a7285b217fd\"\u003e\u003c/a\u003eTools\n\n\n- [**89** stars][4y] [Py] [mothran/unicorn-decoder](https://github.com/mothran/unicorn-decoder) Simple shellcode decoder using unicorn-engine\n- [**51** stars][1y] [Py] [ecx86/shellcode_encoder](https://github.com/ecx86/shellcode_encoder) x64 printable shellcode encoder\n- [**45** stars][4y] [Py] [eteissonniere/elidecode](https://github.com/ETeissonniere/EliDecode) The tool to decode obfuscated shellcodes using the unicorn and capstone engine\n- [**29** stars][2y] [Py] [ihack4falafel/slink](https://github.com/ihack4falafel/slink) Alphanumeric Shellcode (x86) Encoder\n- [**27** stars][7m] [Py] [blacknbunny/encdecshellcode](https://github.com/blacknbunny/encdecshellcode) Shellcode Encrypter \u0026 Decrypter With XOR Cipher\n- [**13** stars][1y] [Py] [veritas501/ae64](https://github.com/veritas501/ae64) basic amd64 alphanumeric shellcode encoder\n- 
[**12** stars][2m] [Perl 6] [anon6372098/faz-shc](https://github.com/anon6372098/faz-shc) Faz-SHC is a program that can be encrypted the text you give to a Shellcode. Simple and coded with Perl. Coded by M.Fazri Nizar.\n- [**2** stars][1y] [Makefile] [sh3llc0d3r1337/slae32-custom-encoder](https://github.com/sh3llc0d3r1337/slae32-custom-encoder) SLAE32 Assignment #4 - Custom Shellcode\n- [**0** stars][10m] [pcsxcetra/equationeditorshellcodedecoder](https://github.com/pcsxcetra/equationeditorshellcodedecoder) Tool to decode the encoded Shellcode of this type found in office documents\n\n\n### \u003ca id=\"1d15b6ffe1202baecee2e63ceb01261c\"\u003e\u003c/a\u003eArticles\n\n\n- 2019.11 [rapid7] [Metasploit Shellcode Grows Up: Encrypted and Authenticated C Shells](https://blog.rapid7.com/2019/11/21/metasploit-shellcode-grows-up-encrypted-and-authenticated-c-shells/)\n- 2019.11 [aliyun] [Shellcode Encoding Techniques](https://xz.aliyun.com/t/6665)\n- 2019.05 [pcsxcetrasupport3] [A deeper look at Equation Editor CVE-2017-11882 with encoded Shellcode](https://pcsxcetrasupport3.wordpress.com/2019/05/22/a-deeper-look-at-equation-editor-cve-2017-11882-with-encoded-shellcode/)\n- 2019.03 [cybersecpolitics] [The Lost Art of Shellcode Encoder/Decoders](https://cybersecpolitics.blogspot.com/2019/03/the-lost-art-of-shellcode.html)\n- 2018.07 [doyler] [Writing a Shellcode XOR Encoder/Decoder to Evade AV Detection](https://www.doyler.net/security-not-included/shellcode-xor-encoder-decoder)\n- 2017.08 [360] [SLAE: How to Develop a Custom RBIX Shellcode Encoder/Decoder](https://www.anquanke.com/post/id/86693/)\n- 2015.07 [bigendiansmalls] [Building shellcode, egghunters and decoders.](https://www.bigendiansmalls.com/creating-shellcode-to-run-in-uss/)\n- 2015.03 [freebuf] [Huffy: Huffman-encoded shellcode](http://www.freebuf.com/articles/system/59781.html)\n- 2015.02 [skullsecurity] [GitS 2015: Huffy (huffman-encoded shellcode)](https://blog.skullsecurity.org/2015/gits-2015-huffy-huffman-encoded-shellcode)\n- 2014.12 [zerosum0x0] [x64 Shellcode Byte-Rotate 
Encoder](https://zerosum0x0.blogspot.com/2014/12/x64-shellcode-byte-rotate-encoder.html)\n- 2014.04 [volatility] [Building a Decoder for the CVE-2014-0502 Shellcode](https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html)\n- 2012.08 [debasish] [Experiment With Run Time Encryption/Decryption of Win32 ShellCodes](http://www.debasish.in/2012/08/experiment-with-run-time.html)\n- 2012.05 [pediy] [[Original] Shellcode XOR encoding/decoding](https://bbs.pediy.com/thread-151108.htm)\n- 2008.08 [pediy] [[Original] An ASCII encoding method for shellcode](https://bbs.pediy.com/thread-70964.htm)\n\n\n\n\n***\n\n\n## \u003ca id=\"2aad113ca8fd8b2ce5278b3c73afb637\"\u003e\u003c/a\u003eTools\n\n\n- [**513** stars][3y] [Py] [reyammer/shellnoob](https://github.com/reyammer/shellnoob) Shellcode writing toolkit\n- [**189** stars][1y] [Py] [thesecondsun/shellab](https://github.com/thesecondsun/shellab) Shellcode development/enrichment tool, supports Windows/Linux\n- [**184** stars][8m] [C++] [jackullrich/shellcodestdio](https://github.com/jackullrich/shellcodestdio) Helps write position-independent shellcode for Windows, supports x86/x64\n- [**115** stars][4y] [C++] [lcatro/vuln_javascript](https://github.com/lcatro/vuln_javascript) Simulates a vulnerable JavaScript runtime environment, for learning browser vulnerability principles and practicing how to write shellcode\n- [**95** stars][2y] [Py] [invictus1306/workshop-bsidesmunich2018](https://github.com/invictus1306/workshop-bsidesmunich2018) ARM shellcode and exploit development - BSidesMunich 2018\n- [**75** stars][6m] [C++] [shellvm/shellvm](https://github.com/shellvm/shellvm) A collection of LLVM transform and analysis passes to write shellcode in regular C\n- [**15** stars][4y] [Assembly] [novicelive/shellcoding](https://github.com/novicelive/shellcoding) Introduce you to shellcode development.\n- [**6** stars][3y] [Java] [jlxip/shellcode-ide](https://github.com/jlxip/shellcode-ide) An IDE for creating shellcodes.\n- [**3** stars][2y] [C] [wanttobeno/study_shellcode](https://github.com/wanttobeno/study_shellcode) Writing functional shellcode on the Windows platform\n\n\n***\n\n\n## \u003ca id=\"ba82bf5ca275733d09434861aa4becf5\"\u003e\u003c/a\u003eArticles\n\n\n- 2020.01 [aliyun] 
[Summary of the shellcode writing process](https://xz.aliyun.com/t/7072)\n- 2019.06 [nytrosecurity] [Writing shellcodes for Windows x64](https://nytrosecurity.com/2019/06/30/writing-shellcodes-for-windows-x64/)\n- 2019.04 [4hou] [Windows x86 Shellcode Development: Finding the Kernel32.dll Address](https://www.4hou.com/system/17180.html)\n- 2019.02 [X0x0FFB347] [Writing a Custom Shellcode Encoder](https://medium.com/p/31816e767611)\n- 2019.02 [aliyun] [Writing shellcode on ARM](https://xz.aliyun.com/t/4098)\n- 2019.01 [fuzzysecurity] [Writing shellcode to binary files](http://fuzzysecurity.com/tutorials/7.html)\n- 2019.01 [fuzzysecurity] [Part 6: Writing W32 shellcode](http://fuzzysecurity.com/tutorials/expDev/6.html)\n- 2019.01 [freebuf] [Stock up on some solid material for the New Year: efficient shellcode programming techniques on Windows in practice | featured open course](https://www.freebuf.com/fevents/194308.html)\n- 2019.01 [ly0n] [[BOOK] Shellcode writting in Windows environments](http://ly0n.me/2019/01/03/shellcode-writting-in-windows-environments/)\n- 2019.01 [ly0n] [[BOOK] Shellcode writting in Windows environments](https://paumunoz.tech/2019/01/03/shellcode-writting-in-windows-environments/)\n- 2018.11 [4hou] [A beginner's guide to writing x86 shellcode on FreeBSD](http://www.4hou.com/binary/14375.html)\n- 2018.08 [pediy] [[Original] Problems testing the generic shellcode developed in Chapter 3, Section 4 of \"0day Security... (2nd Edition)\" on Win10](https://bbs.pediy.com/thread-246532.htm)\n- 2018.08 [360] [The ultimate secret of reproducing router vulnerabilities: writing MIPS-based shellcode](https://www.anquanke.com/post/id/153725/)\n- 2018.07 [pediy] [[Translation] Binary Exploitation (1): Writing ARM shellcode \u0026 understanding system functions](https://bbs.pediy.com/thread-230148.htm)\n- 2018.03 [aliyun] [A detailed guide to writing shellcode on Windows](https://xz.aliyun.com/t/2108)\n- 2018.02 [freebuf] [Sickle: recommending a quality shellcode development tool](http://www.freebuf.com/sectool/162332.html)\n- 2018.02 [aliyun] [Writing shellcode on Linux](https://xz.aliyun.com/t/2052)\n- 2017.09 [secist] [My shellcode writing journey |MSF| Shellcode | kali linux 2017](http://www.secist.com/archives/4809.html)\n- 2017.06 [360] [Shellcode programming: locating GetProcAddress by signature search](https://www.anquanke.com/post/id/86334/)\n- 2017.06 [skullsecurity] [Solving the CTF \"b-64-b-tuff\": hand-writing a base64 decoder and alphanumeric 
shellcode](https://blog.skullsecurity.org/2017/solving-b-64-b-tuff-writing-base64-and-alphanumeric-shellcode)\n- 2017.05 [360] [A guide to writing Windows x64 shellcode](https://www.anquanke.com/post/id/86175/)\n- 2017.05 [freebuf] [How to write high-quality Windows shellcode](http://www.freebuf.com/articles/system/133990.html)\n- 2017.05 [pediy] [[Translation] A guide to writing optimized shellcode on the Windows platform](https://bbs.pediy.com/thread-217513.htm)\n- 2017.03 [4hou] [HEVD kernel attacks: writing shellcode (3)](http://www.4hou.com/technology/3942.html)\n- 2017.01 [360] [Shellcode programming: resolving API addresses in memory](https://www.anquanke.com/post/id/85386/)\n- 2016.06 [paraschetal] [Writing your own shellcode.](https://paraschetal.in/writing-your-own-shellcode)\n- 2016.02 [freebuf] [Introduction to Windows shellcode development (3)](http://www.freebuf.com/articles/system/97215.html)\n- 2016.02 [securitycafe] [Introduction to Windows shellcode development – Part 3](https://securitycafe.ro/2016/02/15/introduction-to-windows-shellcode-development-part-3/)\n- 2016.01 [freebuf] [Introduction to Windows shellcode development (2)](http://www.freebuf.com/articles/system/94774.html)\n- 2016.01 [freebuf] [Introduction to Windows shellcode development (1)](http://www.freebuf.com/articles/system/93983.html)\n- 2016.01 [securitygossip] [When Every Byte Counts – Writing Minimal Length Shellcodes](http://securitygossip.com/blog/2016/01/07/2016-01-07/)\n- 2016.01 [sjtu] [When Every Byte Counts – Writing Minimal Length Shellcodes](https://loccs.sjtu.edu.cn/gossip/blog/2016/01/07/2016-01-07/)\n- 2015.12 [securitycafe] [Introduction to Windows shellcode development – Part 2](https://securitycafe.ro/2015/12/14/introduction-to-windows-shellcode-development-part-2/)\n- 2015.10 [securitycafe] [Introduction to Windows shellcode development – Part 1](https://securitycafe.ro/2015/10/30/introduction-to-windows-shellcode-development-part1/)\n- 2015.02 [freebuf] [Advanced shellcode programming techniques on the Windows platform](http://www.freebuf.com/articles/system/58920.html)\n- 2015.02 [pediy] [[Original] Advanced shellcode programming techniques on the Windows platform](https://bbs.pediy.com/thread-197835.htm)\n- 2015.02 [topsec] 
[Advanced shellcode programming techniques on the Windows platform](http://blog.topsec.com.cn/ad_lab/windows%e5%b9%b3%e5%8f%b0%e4%b8%8b%e5%8a%9f%e8%83%bd%e6%80%a7shellcode%e7%9a%84%e7%bc%96%e5%86%99/)\n- 2014.08 [pediy] [[Original] A MASM macro framework: writing complex shellcode simply](https://bbs.pediy.com/thread-191650.htm)\n- 2014.07 [] [Writing shellcode in C](http://www.91ri.org/9057.html)\n- 2013.12 [pediy] [[Original] Writing binary shellcode](https://bbs.pediy.com/thread-182356.htm)\n- 2013.06 [pediy] [[Original] PE infection \u0026 shellcode writing techniques, supplement](https://bbs.pediy.com/thread-172961.htm)\n- 2013.05 [toolswatch] [ShellNoob v1.0 – Shellcode Writing Toolkit](http://www.toolswatch.org/2013/05/shellnoob-v1-0-shellcode-writing-toolkit/)\n- 2013.04 [reyammer] [ShellNoob 1.0 - a shellcode writing toolkit](http://reyammer.blogspot.com/2013/04/shellnoob-10-shellcode-writing-toolkit.html)\n- 2012.09 [pediy] [[Original] Writing shellcode for Android](https://bbs.pediy.com/thread-155774.htm)\n- 2012.06 [] [Writing shellcode and its key points](http://www.91ri.org/3335.html)\n- 2011.06 [pediy] [[Original] Writing a shellcode framework in MASM [merged thread]](https://bbs.pediy.com/thread-135062.htm)\n- 2010.10 [pediy] [[Original] Locating the kernel32.dll base address on Win 7 and writing shellcode](https://bbs.pediy.com/thread-122260.htm)\n- 2010.09 [pediy] [[Translation] Exploit Writing Tutorial Series Part 9: Introduction to Win32 Shellcode Writing](https://bbs.pediy.com/thread-120649.htm)\n- 2010.05 [elearnsecurity] [Writing OS Independent Shellcode](https://blog.elearnsecurity.com/writing-os-independent-shellcode.html)\n- 2010.03 [pediy] [[Original] Writing JIT-Spray Shellcode for fun and profit - CHS [updated full version]](https://bbs.pediy.com/thread-108861.htm)\n- 2010.01 [pediy] [[Original] Summary of difficulties encountered writing reverse-connect shellcode and their solutions](https://bbs.pediy.com/thread-105567.htm)\n- 2009.11 [pediy] [[Translation] Exploit Writing Tutorial Series Part 2: Stack Overflows - Jumping to Shellcode](https://bbs.pediy.com/thread-101704.htm)\n- 2009.07 [corelan] [Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode](https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/)\n- 2009.01 [pediy] [[Translation] Writing a small piece of overflow code（translated from: Writing Small 
Shellcode）](https://bbs.pediy.com/thread-80306.htm)\n- 2008.01 [pediy] [[Original] Shellcode writing: hash-based function calls and related topics](https://bbs.pediy.com/thread-58393.htm)\n- 2006.07 [pediy] [[Original] Writing shellcode with VC8, plus helper tools](https://bbs.pediy.com/thread-28681.htm)\n\n\n# \u003ca id=\"b79d65effe22d7dfa216cdfaaede7abd\"\u003e\u003c/a\u003eLaunch\u0026\u0026Load\u0026\u0026Inject\u0026\u0026Execute\n\n\n***\n\n\n## \u003ca id=\"c8f7f9913bbf6ca9ad62b2924a81c5a1\"\u003e\u003c/a\u003eInjection\n\n\n### \u003ca id=\"270623a2c94dd2e4a342f46262ee8ae1\"\u003e\u003c/a\u003eTools\n\n\n- [**126** stars][2y] [C++] [gpoulios/ropinjector](https://github.com/gpoulios/ropinjector) Patching ROP-encoded shellcodes into PEs\n- [**108** stars][1m] [C++] [josh0xa/threadboat](https://github.com/josh0xA/ThreadBoat) uses Thread Execution Hijacking to Inject Native Shellcode into a Standard Win32 Application\n- [**85** stars][3y] [C] [countercept/doublepulsar-usermode-injector](https://github.com/countercept/doublepulsar-usermode-injector) Uses the DOUBLEPULSAR payload's user-mode shellcode to inject arbitrary DLLs into other processes\n- [**63** stars][8y] [Py] [sensepost/anapickle](https://github.com/sensepost/anapickle) Toolset for writing shellcode in Python's Pickle language and for manipulating pickles to inject shellcode.\n- [**60** stars][2m] [Py] [psychomario/pyinject](https://github.com/psychomario/pyinject) A python module to help inject shellcode/DLLs into windows processes\n- [**43** stars][5y] [Py] [borjamerino/tlsinjector](https://github.com/borjamerino/tlsinjector) Python script to inject and run shellcodes through TLS callbacks\n- [**27** stars][2y] [Py] [taroballzchen/shecodject](https://github.com/TaroballzChen/shecodject) shecodject is a autoscript for shellcode injection by Python3 programing\n- [**20** stars][3m] [Go] [binject/shellcode](https://github.com/binject/shellcode) Shellcode library as a Go package\n- [**19** stars][5y] [C] [jorik041/cymothoa](https://github.com/jorik041/cymothoa) Cymothoa is a backdooring tool, that inject backdoor's shellcode directly into running applications. 
Stealth and lightweight...\n- [**16** stars][3y] [PLpgSQL] [michaelburge/redshift-shellcode](https://github.com/michaelburge/redshift-shellcode) Example of injecting x64 shellcode into Amazon Redshift\n- [**14** stars][2y] [chango77747/shellcodeinjector_msbuild](https://github.com/chango77747/shellcodeinjector_msbuild) \n- [**10** stars][1y] [C++] [egebalci/injector](https://github.com/egebalci/injector) Simple shellcode injector.\n- [**8** stars][2y] [C++] [xiaobo93/unmodule_shellcode_inject](https://github.com/xiaobo93/unmodule_shellcode_inject) Module-less injection project, VS2008\n\n\n### \u003ca id=\"f67fc5d20ddff852419d63d094cb17ba\"\u003e\u003c/a\u003eArticles\n\n\n- 2019.12 [aliyun] [Manually injecting shellcode into a PE file](https://xz.aliyun.com/t/6939)\n- 2019.11 [4hou] [Code injection techniques: shellcode injection](https://www.4hou.com/web/21784.html)\n- 2019.11 [ColinHardy] [Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection](https://www.youtube.com/watch?v=XnN_UWfHlNM)\n- 2019.09 [freebuf] [Debugging techniques used when encountering shellcode injected into a process](https://www.freebuf.com/articles/system/212248.html)\n- 2019.08 [4hou] [Debugging tips for shellcode injection into remote processes](https://www.4hou.com/system/19852.html)\n- 2019.06 [360] [Ptrace shellcode injection technique on the ARM platform](https://www.anquanke.com/post/id/179985/)\n- 2018.10 [pediy] [[Original] A small trick for injecting a DLL with shellcode instead of creating a user thread](https://bbs.pediy.com/thread-247515.htm)\n- 2018.09 [pediy] [[Share] Seriously impressive shellcode memory injection, supports 64-bit and 32-bit, remote memory injection, and maximum-strength VMP packer protection](https://bbs.pediy.com/thread-246934.htm)\n- 2018.08 [freebuf] [sRDI: a powerful tool for reflective DLL injection via shellcode](http://www.freebuf.com/sectool/181426.html)\n- 2018.05 [cobaltstrike] [PowerShell Shellcode Injection on Win 10 (v1803)](https://blog.cobaltstrike.com/2018/05/24/powershell-shellcode-injection-on-win-10-v1803/)\n- 2017.12 [pentesttoolz] [Shecodject – Autoscript for Shellcode Injection](https://pentesttoolz.com/2017/12/30/shecodject-autoscript-for-shellcode-injection/)\n- 2017.12 [MalwareAnalysisForHedgehogs] [Malware Analysis - ROKRAT Unpacking from Injected Shellcode](https://www.youtube.com/watch?v=uoBQE5s2ba4)\n- 2017.11 [freebuf] 
[Automated Metasploit AV-bypass script: Shecodject X Shellcode Injection](http://www.freebuf.com/sectool/154356.html)\n- 2017.10 [pediy] [[Original] Analyzing the kernel shellcode DLL injection technique through WannaCry](https://bbs.pediy.com/thread-221756.htm)\n- 2017.08 [silentbreaksecurity] [sRDI – Shellcode Reflective DLL Injection](https://silentbreaksecurity.com/srdi-shellcode-reflective-dll-injection/)\n- 2015.12 [dhavalkapil] [Shellcode Injection](https://dhavalkapil.com/blogs/Shellcode-Injection/)\n- 2015.12 [n0where] [Dynamic Shellcode Injection: Shellter](https://n0where.net/dynamic-shellcode-injection-shellter)\n- 2015.10 [freebuf] [Kali Shellter 5.1: dynamic shellcode injection tool that bypasses security software](http://www.freebuf.com/sectool/81955.html)\n- 2015.08 [christophertruncer] [Injecting Shellcode into a Remote Process with Python](https://www.christophertruncer.com/injecting-shellcode-into-a-remote-process-with-python/)\n- 2015.08 [pediy] [[Original] Generic Win32/X64 shellcode written in pure C++, injected into the csrss process.](https://bbs.pediy.com/thread-203140.htm)\n- 2015.07 [BsidesLisbon] [BSidesLisbon2015 - Shellter - A dynamic shellcode injector - Kyriakos Economou](https://www.youtube.com/watch?v=TunWNHYrWp8)\n- 2015.06 [freebuf] [Dynamic shellcode injection tool – Shellter](http://www.freebuf.com/sectool/71230.html)\n- 2015.06 [shelliscoming] [TLS Injector: running shellcodes through TLS callbacks](http://www.shelliscoming.com/2015/06/tls-injector-running-shellcodes-through.html)\n- 2014.08 [toolswatch] [Shellter v1.7 A Dynamic ShellCode Injector – Released](http://www.toolswatch.org/2014/08/shellter-v1-7-a-dynamic-shellcode-injector-released/)\n- 2014.06 [toolswatch] [[New Tool] Shellter v1.0 A Dynamic ShellCode Injector – Released](http://www.toolswatch.org/2014/06/new-tool-shellter-v1-0-a-dynamic-shellcode-injector-released/)\n- 2013.06 [debasish] [Injecting Shellcode into a Portable Executable(PE) using Python](http://www.debasish.in/2013/06/injecting-shellcode-into-portable.html)\n- 2013.05 [trustedsec] [Native PowerShell x86 Shellcode Injection on 64-bit 
Platforms](https://www.trustedsec.com/2013/05/native-powershell-x86-shellcode-injection-on-64-bit-platforms/)\n- 2013.05 [pediy] [[Original] A method of kernel shellcode injection](https://bbs.pediy.com/thread-170959.htm)\n- 2012.10 [hackingarticles] [Cymothoa – Runtime shellcode injection Backdoors](http://www.hackingarticles.in/cymothoa-runtime-shellcode-injection-for-stealthy-backdoors/)\n- 2012.09 [hackingarticles] [PyInjector Shellcode Injection attack on Remote PC using Social Engineering Toolkit](http://www.hackingarticles.in/pyinjector-shellcode-injection-attack-on-remote-windows-pc-using-social-engineering-toolkit/)\n- 2012.08 [trustedsec] [New tool PyInjector Released – Python Shellcode Injection](https://www.trustedsec.com/2012/08/new-tool-pyinjector-released-python-shellcode-injection/)\n- 2011.07 [firebitsbr] [Syringe utility provides ability to inject shellcode into processes](https://firebitsbr.wordpress.com/2011/07/08/syringe-utility-provides-ability-to-inject-shellcode-into-processes/)\n- 2007.01 [pediy] [\"The Shellcoder's handbook\" Chapter 14: Fault Injection](https://bbs.pediy.com/thread-38713.htm)\n- 2006.02 [pediy] [[Original] Another way to play with shellcode (remote thread shellcode injection)](https://bbs.pediy.com/thread-21123.htm)\n\n\n\n\n***\n\n\n## \u003ca id=\"4ad7253b703db90d80efccc99da781e5\"\u003e\u003c/a\u003eExecution\n\n\n### \u003ca id=\"b84580eec0d446e20ed9c774946f9325\"\u003e\u003c/a\u003eTools\n\n\n- [**77** stars][2m] [C] [dimopouloselias/simpleshellcodeinjector](https://github.com/dimopouloselias/simpleshellcodeinjector) receives as an argument a shellcode in hex and executes it\n\n\n### \u003ca id=\"9cdbcec9e7e4bf040fe9802dc4e1225b\"\u003e\u003c/a\u003eArticles\n\n\n- 2019.09 [4hou] [A beginner's guide to Windows shellcode execution techniques](https://www.4hou.com/web/19758.html)\n- 2019.07 [contextis] [A Beginner’s Guide to Windows Shellcode Execution Techniques](https://www.contextis.com/en/blog/a-beginners-guide-to-windows-shellcode-execution-techniques)\n- 2019.03 [countercept] [Dynamic Shellcode 
Execution](https://countercept.com/blog/dynamic-shellcode-execution/)\n- 2019.03 [countercept] [Dynamic Shellcode Execution](https://countercept.com/our-thinking/dynamic-shellcode-execution/)\n- 2019.01 [t00ls] [Submitted article: Bypass Applocker + AV-evading execution of arbitrary shellcode [ csc + installUtil ]](https://www.t00ls.net/articles-49443.html)\n- 2017.09 [] [Shellcode that executes iptables -P INPUT ACCEPT](http://www.91ri.org/17267.html)\n- 2017.04 [osandamalith] [Making the Windows loader execute shellcode directly; IDA crashes when loading the file, and it bypasses most antivirus software.](https://osandamalith.com/2017/04/11/executing-shellcode-directly/)\n- 2017.01 [360] [Executing shellcode using native Windows functions](https://www.anquanke.com/post/id/85372/)\n- 2016.12 [evi1cg] [Office Shellcode Execution](https://evi1cg.me/archives/Office_Shellcode_Execution.html)\n- 2016.10 [qq] [Macro virus uses EnumDateFormats to execute shellcode and create a puppet process to evade antivirus](https://tav.qq.com/index/newsDetail/260.html)\n- 2016.08 [360] [CallWindowProc abused by macro viruses to execute shellcode](https://www.anquanke.com/post/id/84433/)\n- 2016.06 [modexp] [Shellcode: Execute command for x32/x64 Linux / Windows / BSD](https://modexp.wordpress.com/2016/06/04/winux/)\n- 2016.03 [modexp] [Shellcodes: Executing Windows and Linux Shellcodes](https://modexp.wordpress.com/2016/03/28/winux-shellcodes/)\n- 2015.08 [doyler] [Executing Shellcode with Python](https://www.doyler.net/security-not-included/executing-shellcode-with-python)\n- 2014.11 [BSidesCHS] [BSidesCHS 2013 - Session 02 - Java Shellcode Execution](https://www.youtube.com/watch?v=oVT4khoSYBU)\n- 2014.07 [pediy] [[Original] Executing user-mode shellcode in a WOW64 process from the kernel](https://bbs.pediy.com/thread-190596.htm)\n- 2014.03 [sevagas] [Hide meterpreter shellcode in executable](https://blog.sevagas.com/?Hide-meterpreter-shellcode-in-executable)\n- 2013.08 [freebuf] [Elegantly executing shellcode with VBS](http://www.freebuf.com/articles/web/11662.html)\n- 2013.02 [y0nd13] [HunnyBunny: Execute any shellcode on the](https://y0nd13.blogspot.com/2013/02/hunnybunny-execute-any-shellcode-on-the.html)\n- 2012.04 [debasish] [Execute ShellCode Using 
Python](http://www.debasish.in/2012/04/execute-shellcode-using-python.html)\n- 2010.12 [riusksk] [Principles of segmented shellcode execution](http://riusksk.me/2010/12/23/shellcode-split/)\n- 2009.02 [pediy] [[Original] Looking at shellcode through its execution flow (1) [source code attached]](https://bbs.pediy.com/thread-82327.htm)\n- 2008.12 [pediy] [[Help] The generic shellcode from Chapter 5 never executes properly in password.txt, which is giving me quite a headache](https://bbs.pediy.com/thread-79704.htm)\n\n\n\n\n***\n\n\n## \u003ca id=\"2c78519e8cf84e3863d4c2374ead132f\"\u003e\u003c/a\u003eTools\n\n\n- [**353** stars][6y] [C] [inquisb/shellcodeexec](https://github.com/inquisb/shellcodeexec) Executes an opcode sequence in memory\n- [**258** stars][1m] [C++] [clinicallyinane/shellcode_launcher](https://github.com/clinicallyinane/shellcode_launcher) Shellcode launcher utility\n- [**235** stars][4y] [Py] [pyana/pyana](https://github.com/pyana/pyana) Emulates shellcode execution using the Unicorn framework (Windows)\n- [**229** stars][2m] [Go] [brimstone/go-shellcode](https://github.com/brimstone/go-shellcode) Load shellcode into a new process\n- [**153** stars][9m] [Assembly] [peterferrie/win-exec-calc-shellcode](https://github.com/peterferrie/win-exec-calc-shellcode) Shellcode that executes calc.exe (x86/x64, all versions/SPs)\n- [**148** stars][6m] [Pascal] [coldzer0/cmulator](https://github.com/coldzer0/cmulator) ( x86 - x64 ) Scriptable Reverse Engineering Sandbox Emulator for shellcode and PE binaries . 
Based on Unicorn \u0026 Zydis Engine \u0026 javascript\n- [**129** stars][3y] [PS] [arno0x/dnsdelivery](https://github.com/arno0x/dnsdelivery) delivery and in memory execution of shellcode or .Net assembly using DNS requests delivery channel.\n- [**122** stars][3y] [C#] [zerosum0x0/runshellcode](https://github.com/zerosum0x0/runshellcode) .NET GUI program that runs shellcode\n- [**97** stars][6m] [PS] [rvrsh3ll/cplresourcerunner](https://github.com/rvrsh3ll/cplresourcerunner) Run shellcode from resource\n- [**91** stars][11m] [C] [fireeye/flare-kscldr](https://github.com/fireeye/flare-kscldr) Loading shellcode in the kernel: examples, methods and tools\n- [**73** stars][6y] [enigma0x3/powershell-payload-excel-delivery](https://github.com/enigma0x3/powershell-payload-excel-delivery) Uses Invoke-Shellcode to execute a payload and persist on the system.\n- [**64** stars][1y] [C] [emptymonkey/drinkme](https://github.com/emptymonkey/drinkme) Reads shellcode from stdin and executes it. For testing shellcode before deployment\n- [**57** stars][3y] [C] [zerosum0x0/shellcodedriver](https://github.com/zerosum0x0/shellcodedriver) Windows driver to execute arbitrary usermode code (essentially same vulnerability as capcom.sys)\n- [**55** stars][2y] [C++] [sisoma2/shellcodeloader](https://github.com/sisoma2/shellcodeloader) Small tool to load shellcodes or PEs to analyze them\n- [**42** stars][1y] [C++] [userexistserror/dllloadershellcode](https://github.com/userexistserror/dllloadershellcode) Shellcode to load an appended Dll\n- [**34** stars][3y] [Py] [n1nj4sec/pymemimporter](https://github.com/n1nj4sec/pymemimporter) import pyd or execute PE all from memory using only pure python code and some shellcode tricks\n- [**26** stars][3y] [Ruby] [eik00d/reverse_dns_shellcode](https://github.com/eik00d/reverse_dns_shellcode) Reverse DNS payload for Metasploit: Download Exec x86 shellcode. 
Also DNS Handler and VBS bot (also working over DNS) as PoC included.\n- [**23** stars][1m] [Py] [thomaskeck/pyshellcode](https://github.com/thomaskeck/pyshellcode) Execute ShellCode / \"Inline-Assembler\" in Python\n- [**18** stars][3y] [Py] [0xyg3n/mem64](https://github.com/0xyg3n/mem64) Run Any Native PE file as a memory ONLY Payload , most likely as a shellcode using hta attack vector which interacts with Powershell.\n- [**15** stars][3y] [C++] [naxalpha/shellcode-loader](https://github.com/naxalpha/shellcode-loader) Shellcode Loader Engine for Windows\n- [**4** stars][2y] [C] [samvartaka/triton_analysis](https://github.com/samvartaka/triton_analysis) Analysis of the TRITON/TRISIS/HatMan multi-stage PowerPC shellcode payload\n- [**2** stars][3m] [C] [brimstone/shellload](https://github.com/brimstone/shellload) Load shellcode into a new process, optionally under a false name.\n\n\n***\n\n\n## \u003ca id=\"4f9e0536cd4c8b6d7e3597c5c9315df5\"\u003e\u003c/a\u003eArticles\n\n\n- 2018.04 [4hou] [A tool for dynamic malware analysis: Kernel Shellcode Loader](http://www.4hou.com/technology/11235.html)\n- 2018.04 [fireeye] [Loading shellcode in the kernel: examples, methods, and tools](http://www.fireeye.com/blog/threat-research/2018/04/loading-kernel-shellcode.html)\n- 2017.06 [pediy] [[Translation] Dynamic loading and debugging of Windows kernel shellcode](https://bbs.pediy.com/thread-218779.htm)\n- 2017.04 [360] [How to load and run shellcode from a cat picture](https://www.anquanke.com/post/id/85824/)\n- 2017.02 [modexp] [Shellcode: Fido and how it resolves GetProcAddress and LoadLibraryA](https://modexp.wordpress.com/2017/02/03/shellcode-iat/)\n- 2014.02 [govolution] [Writing a download and exec shellcode](https://govolution.wordpress.com/2014/02/02/writing-a-download-and-exec-shellcode/)\n\n\n# \u003ca id=\"c86cc38af95f4ccbc3d082b3883af702\"\u003e\u003c/a\u003eGeneration\n\n\n***\n\n\n## \u003ca id=\"20753578295f405b2fee3ae5659ee214\"\u003e\u003c/a\u003eTools\n\n\n- [**693** stars][1m] [C] [thewover/donut](https://github.com/thewover/donut) Generates position-independent shellcode (x86, x64, or AMD64 + x86) that loads .NET assemblies, PE files, and other Windows payloads from memory and runs them with parameters\n- 
[**582** stars][2m] [Shell] [r00t-3xp10it/venom](https://github.com/r00t-3xp10it/venom) shellcode generator, compiler, and handler (metasploit)\n- [**552** stars][8m] [C++] [nytrorst/shellcodecompiler](https://github.com/nytrorst/shellcodecompiler) Compiles C/C++-style code into small, position-independent, NULL-free shellcode for Windows (x86 and x64) and Linux (x86 and x64)\n- [**493** stars][1m] [Py] [zdresearch/owasp-zsc](https://github.com/zdresearch/OWASP-ZSC) Shellcode/obfuscated code generator\n- [**90** stars][3y] [C++] [gdelugre/shell-factory](https://github.com/gdelugre/shell-factory) C++-based shellcode builder\n- [**88** stars][2m] [Py] [alexpark07/armscgen](https://github.com/alexpark07/armscgen) ARM Shellcode Generator\n- [**80** stars][3y] [Py] [hatriot/shellme](https://github.com/hatriot/shellme) simple shellcode generator\n- [**63** stars][5y] [Py] [veil-framework/veil-ordnance](https://github.com/veil-framework/veil-ordnance) Veil-Ordnance is a tool designed to quickly generate MSF stager shellcode\n- [**40** stars][3y] [Py] [karttoon/trigen](https://github.com/karttoon/trigen) Trigen is a Python script which uses different combinations of Win32 function calls in generated VBA to execute shellcode.\n- [**37** stars][3y] [C++] [3gstudent/shellcode-generater](https://github.com/3gstudent/shellcode-generater) No inline asm,support x86/x64\n- [**33** stars][2y] [HTML] [rh0dev/shellcode2asmjs](https://github.com/rh0dev/shellcode2asmjs) Automatically generate ASM.JS JIT-Spray payloads\n- [**13** stars][4y] [zdresearch/zcr-shellcoder-archive](https://github.com/zdresearch/zcr-shellcoder-archive) ZeroDay Cyber Research - ZCR Shellcoder Archive - z3r0d4y.com Shellcode Generator\n- [**13** stars][1m] [C++] [hoodoer/enneos](https://github.com/hoodoer/enneos) Evolutionary Neural Network Encoder of Shenanigans. 
Obfuscating shellcode with an encoder that uses genetic algorithms to evolve neural networks to contain and output the shellcode on demand.\n- [**10** stars][2m] [C#] [clonemerge/shellgen](https://github.com/CloneMerge/ShellGen) Dynamic and extensible shell code generator with multiple output types which can be formatted in binary, hexadecimal, and the typical shellcode output standard.\n- [**4** stars][2y] [Shell] [thepisode/linux-shellcode-generator](https://github.com/thepisode/linux-shellcode-generator) Experiments on Linux Assembly shellcodes injection\n- [**1** star][4m] [Py] [ins1gn1a/woollymammoth](https://github.com/ins1gn1a/woollymammoth) Toolkit for manual buffer exploitation, which features a basic network socket fuzzer, offset pattern generator and detector, bad character identifier, shellcode carver, and a vanilla EIP exploiter\n\n\n***\n\n\n## \u003ca id=\"102a321d8be34fab263fe0559145b36c\"\u003e\u003c/a\u003eArticles\n\n\n- 2019.07 [aliyun] [Generating printable shellcode](https://xz.aliyun.com/t/5662)\n- 2019.07 [4hou] [Testing and analysis of the shellcode generation tool Donut](https://www.4hou.com/technology/19123.html)\n- 2019.06 [3gstudent] [Testing and analysis of the shellcode generation tool Donut](https://3gstudent.github.io/3gstudent.github.io/Shellcode%E7%94%9F%E6%88%90%E5%B7%A5%E5%85%B7Donut%E6%B5%8B%E8%AF%95%E5%88%86%E6%9E%90/)\n- 2018.12 [HackerSploit] [Generating Shellcode With Msfvenom](https://www.youtube.com/watch?v=nNt_gRl8RBk)\n- 2018.10 [pediy] [[Original] A starting point for discussion: using gcc to generate shellcode that can carry strings](https://bbs.pediy.com/thread-247138.htm)\n- 2018.06 [doyler] [Execve Shellcode – Includes Arguments and Generator!](https://www.doyler.net/security-not-included/execve-shellcode-generator)\n- 2018.03 [pediy] [[Original] A crude little tool: copying shellcode content as a DWORD array; naked function generation](https://bbs.pediy.com/thread-225030.htm)\n- 2018.02 [pentesttoolz] [VENOM 1.0.15 – Metasploit Shellcode Generator/Compiler/Listener](https://pentesttoolz.com/2018/02/11/venom-1-0-15-metasploit-shellcode-generator-compiler-listener/)\n- 2017.08 [zerosum0x0] [Online obfuscated string/Shellcode 
generator](https://zerosum0x0.blogspot.com/2017/08/obfuscatedencrypted-cc-online-string.html)\n- 2017.07 [pediy] [[Original] Open-source shellcode generation engine](https://bbs.pediy.com/thread-219956.htm)\n- 2017.07 [msreverseengineering] [Introduction to SynesthesiaYS](http://www.msreverseengineering.com/blog/2017/7/15/the-synesthesia-shellcode-generator-code-release-and-future-directions)\n- 2017.05 [abatchy] [ROT-N Shellcode Encoder/Generator (Linux x86)](http://www.abatchy.com/2017/05/rot-n-shellcode-encoder-linux-x86)\n- 2017.04 [360] [Generating your own alphanumeric/printable shellcode](https://www.anquanke.com/post/id/85871/)\n- 2017.02 [4hou] [Windows Shellcode study notes: generating shellcode with Visual Studio](http://www.4hou.com/technology/3335.html)\n- 2017.01 [christophertruncer] [Shellcode Generation, Manipulation, and Injection in Python 3](https://www.christophertruncer.com/shellcode-manipulation-and-injection-in-python-3/)\n- 2017.01 [3gstudent] [Windows Shellcode study notes: generating shellcode with Visual Studio](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-%E9%80%9A%E8%BF%87VisualStudio%E7%94%9F%E6%88%90shellcode/)\n- 2016.02 [hackingarticles] [Exploitation of Windows PC using Venom: Shellcode Generator](http://www.hackingarticles.in/exploitation-of-windows-pc-using-venom-shellcode-generator/)\n- 2016.02 [freebuf] [Tool recommendation: Shellsploit, a shellcode generator](http://www.freebuf.com/sectool/95039.html)\n- 2016.01 [n0where] [Shellcode Generator: Venom](https://n0where.net/shellcode-generator-venom)\n- 2015.02 [govolution] [Null Free Windows WinExec Shellcode \u0026 Tool for generating Payload](https://govolution.wordpress.com/2015/02/07/one-for-all-null-free-windows-winexec-shellcode-tool-for-generating-payload/)\n- 2014.04 [securityblog] [How to generate shellcode from 
custom exe in metasploit](http://securityblog.gr/2144/how-to-generate-shellcode-from-custom-exe-in-metasploit/)\n- 2012.05 [freebuf] [phpcodegen-library [PHP library of shellcode generation functions]](http://www.freebuf.com/sectool/1941.html)\n- 2007.11 [pediy] [[Original] Generating shellcode machine code for URLDownloadToFile](https://bbs.pediy.com/thread-55326.htm)\n\n\n# \u003ca id=\"4d515d3e53e9e4ae1f09bd9f4afc5b5a\"\u003e\u003c/a\u003eConversion\n\n\n***\n\n\n## \u003ca id=\"eb5e32922251dc76e85ed094adbcacd9\"\u003e\u003c/a\u003eTools\n\n\n- [**635** stars][4m] [PS] [monoxgas/srdi](https://github.com/monoxgas/srdi) Reflective DLL injection implemented as shellcode. Converts DLLs to position-independent shellcode\n- [**407** stars][3m] [Assembly] [hasherezade/pe_to_shellcode](https://github.com/hasherezade/pe_to_shellcode) Converts PE files to shellcode\n- [**79** stars][2y] [Py] [blacknbunny/shellcode2assembly](https://github.com/blacknbunny/shellcode2assembly) \n- [**49** stars][8m] [C] [w1nds/dll2shellcode](https://github.com/w1nds/dll2shellcode) DLL-to-shellcode conversion tool\n- [**34** stars][5y] [C++] [5loyd/makecode](https://github.com/5loyd/makecode) Dll Convert to Shellcode.\n- [**18** stars][3y] [Py] [after1990s/pe2shellcode](https://github.com/after1990s/pe2shellcode) pe2shellcode\n- [**12** stars][1m] [Py] [davinci13/exe2shell](https://github.com/davinci13/exe2shell) Converts exe to shellcode.\n- [**10** stars][3y] [Perl] [gnebbia/shellcoder](https://github.com/gnebbia/shellcoder) Create shellcode from executable or assembly code\n- [**5** stars][10m] [C++] [giantbranch/convert-c-javascript-shellcode](https://github.com/giantbranch/convert-c-javascript-shellcode) Small tool for converting shellcode between C and JavaScript formats\n- [**2** stars][7y] [C] [hamza-megahed/binary2shellcode](https://github.com/hamza-megahed/binary2shellcode) binary to shellcode converter\n- [**0** stars][6y] [Py] [yatebyalubaluniyat/rawshellcode2exe](https://github.com/yatebyalubaluniyat/rawshellcode2exe) converts raw shellcode to exe\n\n\n***\n\n\n## \u003ca id=\"1d87c2031d25482e324e0b3158e46806\"\u003e\u003c/a\u003eArticles\n\n\n- 2017.11 [pediy] 
[[Original] [Python] Converting shellcode to assembly with Python](https://bbs.pediy.com/thread-222965.htm)\n- 2017.11 [freebuf] [How to convert shellcode into an exe file for analysis](http://www.freebuf.com/articles/web/152879.html)\n- 2015.12 [hexacorn] [Converting Shellcode to Portable Executable (32- and 64- bit)](http://www.hexacorn.com/blog/2015/12/10/converting-shellcode-to-portable-executable-32-and-64-bit/)\n\n\n# \u003ca id=\"9a0361c824e96f82eaec8829d14cf080\"\u003e\u003c/a\u003eAnalysis\n\n\n***\n\n\n## \u003ca id=\"115b4bfacc38bd2fc9b7fa303b5c58ab\"\u003e\u003c/a\u003eVulnerabilities\n\n\n\n\n***\n\n\n## \u003ca id=\"b636936039c6751d5e736ca2e52c8e1a\"\u003e\u003c/a\u003eTools\n\n\n- [**203** stars][2y] [Py] [rootlabs/smap](https://github.com/suraj-root/smap) Handy tool for shellcode analysis\n- [**166** stars][2y] [C] [oalabs/blobrunner](https://github.com/oalabs/blobrunner) Quickly debug shellcode extracted during malware analysis\n- [**39** stars][4y] [Py] [dungtv543/dutas](https://github.com/dungtv543/dutas) Analyze PE files or shellcode\n- [**38** stars][5y] [C++] [adamkramer/jmp2it](https://github.com/adamkramer/jmp2it) Transfer EIP control to shellcode during malware analysis investigation\n- [**11** stars][5y] [Py] [debasishm89/qhook](https://github.com/debasishm89/qhook) qHooK is a very simple Python script (dependent on pydbg) which hooks user-defined Win32 APIs in any process, monitors them while the process is running, and finally prepares a CSV report with various interesting information which can help reverse engineers track down / analyse unknown exploit samples / shellcode.\n\n\n***\n\n\n## \u003ca id=\"ae3243cf65f334dd979b7709d6d745d3\"\u003e\u003c/a\u003eArticles\n\n\n- 2019.10 [sentinelone] [Building A Custom Tool For Shellcode Analysis](https://www.sentinelone.com/blog/building-a-custom-tool-for-shellcode-analysis/)\n- 2019.04 [freebuf] [Xori: an automated decompilation and static analysis library for PE32 and shellcode](https://www.freebuf.com/sectool/199629.html)\n- 2019.03 [sans] [\"VelvetSweatshop\" Maldocs: Shellcode 
Analysis](https://isc.sans.edu/forums/diary/VelvetSweatshop+Maldocs+Shellcode+Analysis/24776/)\n- 2019.01 [360] [Shellcode analysis of an HWP vulnerability sample](https://www.anquanke.com/post/id/169872/)\n- 2018.10 [MSbluehat] [BlueHat v18 || Linear time shellcode detection using state machines and operand analysis on the runtime](https://www.slideshare.net/MSbluehat/bluehat-v18-linear-time-shellcode-detection-using-state-machines-and-operand-analysis-on-the-runtime)\n- 2018.09 [ironcastle] [Analyzing Encoded Shellcode with scdbg, (Mon, Sep 24th)](https://www.ironcastle.net/analyzing-encoded-shellcode-with-scdbg-mon-sep-24th/)\n- 2018.09 [sans] [Analyzing Encoded Shellcode with scdbg](https://isc.sans.edu/forums/diary/Analyzing+Encoded+Shellcode+with+scdbg/24134/)\n- 2018.09 [dist67] [Using scdbg to analyze shellcode](https://www.youtube.com/watch?v=SHgIVMVnP0w)\n- 2018.09 [ironcastle] [Video: Using scdbg to analyze shellcode, (Sat, Sep 8th)](https://www.ironcastle.net/video-using-scdbg-to-analyze-shellcode-sat-sep-8th/)\n- 2018.09 [sans] [Another quickie: Using scdbg to analyze shellcode](https://isc.sans.edu/forums/diary/Another+quickie+Using+scdbg+to+analyze+shellcode/24058/)\n- 2018.08 [doyler] [Metasploit Shellcode Analysis – read_file via ndisasm (SLAE Exam #5.1)](https://www.doyler.net/security-not-included/metasploit-shellcode-analysis)\n- 2018.06 [nao] [Analyzing Shellcode of GrandSoft's CVE-2018-8174](https://www.nao-sec.org/2018/06/analyzing-shellcode-of-grandsofts-cve.html)\n- 2018.05 [pediy] [[Original] Reverse-analyzing stack overflow shellcode with OD](https://bbs.pediy.com/thread-226476.htm)\n- 2018.02 [sans] [Analyzing compressed shellcode](https://isc.sans.edu/forums/diary/Analyzing+compressed+shellcode/23335/)\n- 2017.07 [360] [Detailed analysis of the EternalBlue shellcode](https://www.anquanke.com/post/id/86392/)\n- 2017.05 [360] [NSA arsenal: analysis of the DoublePulsar initial SMB backdoor shellcode](https://www.anquanke.com/post/id/86112/)\n- 2017.04 [zerosum0x0] 
[NSA arsenal: analysis of the DoublePulsar initial SMB backdoor shellcode](https://zerosum0x0.blogspot.com/2017/04/doublepulsar-initial-smb-backdoor-ring.html)\n- 2017.03 [cysinfo] [Episode 3 – Shellcode Analysis with APITracker](https://cysinfo.com/episode-3-shellcode-analysis-apitracker/)\n- 2016.12 [360] [Malicious document analysis: from macros to shellcode](https://www.anquanke.com/post/id/85147/)\n- 2016.11 [dist67] [Hancitor Maldoc: Shellcode Dynamic Analysis](https://www.youtube.com/watch?v=N9fqJ0DYs0g)\n- 2016.02 [miasm] [Dynamic shellcode analysis](http://www.miasm.re/blog/2016/02/12/dynamic_shellcode_analysis.html)\n- 2016.01 [freebuf] [PyAna, a shellcode analysis tool](http://www.freebuf.com/sectool/92990.html)\n- 2015.07 [tencent] [Technical analysis of Hacking Team's Mac OSX 64-bit shellcode](https://security.tencent.com/index.php/blog/msg/89)\n- 2015.07 [riusksk] [Hacking Team arsenal research (5): technical analysis of Mac OSX 64-bit shellcode](http://riusksk.me/2015/07/15/Hacking-Team-武器库研究（五）：Mac-OSX-64位-Shellcode-技术分析/)\n- 2015.06 [pediy] [[Original] Analysis of disk-formatting shellcode](https://bbs.pediy.com/thread-201485.htm)\n- 2015.02 [pediy] [[Original] Parsing COFF files: extracting shellcode](https://bbs.pediy.com/thread-198188.htm)\n- 2015.01 [checkpoint] [Diving into a Silverlight Exploit and Shellcode – Analysis and Techniques | Check Point Software Blog](https://blog.checkpoint.com/2015/01/08/diving-into-a-silverlight-exploit-and-shellcode-analysis-and-techniques-3/)\n- 2014.12 [sans] [Analyzing Shellcode Extracted from Malicious RTF Documents](https://digital-forensics.sans.org/blog/2014/12/23/analyzing-shellcode-extracted-from-malicious-rtf-other-documents)\n- 2014.12 [jowto] [Shellcode analysis of an Excel vulnerability sample](http://blog.jowto.com/?p=81)\n- 2014.12 [thembits] [RIG Exploit Kit - Shellcode analysis](http://thembits.blogspot.com/2014/12/rig-exploit-kit-shellcode-analysis.html)\n- 2014.09 [radare] [Adventures with Radare2 #1: A Simple Shellcode Analysis](http://radare.today/posts/adventures-with-radare2-1-a-simple-shellcode-analysis/)\n- 2014.09 [radare] [Adventures with Radare2 #1: A Simple Shellcode 
Analysis](https://radareorg.github.io/blog/posts/adventures-with-radare2-1-a-simple-shellcode-analysis/)\n- 2014.07 [pediy] [[Original] Analysis of a piece of shellcode](https://bbs.pediy.com/thread-190214.htm)\n- 2014.01 [govolution] [SLAE Assignment 5: Shellcode Analysis](https://govolution.wordpress.com/2014/01/24/slae-assignment-5-shellcode-analysis/)\n- 2011.11 [pediy] [[Original] Detailed analysis of a simple shellcode](https://bbs.pediy.com/thread-142689.htm)\n- 2011.09 [beistlab] [Brief analysis of Hangul zero-day shellcode (Quick analyzing HanGul 0day shellcode)](https://beistlab.wordpress.com/2011/09/27/hangul_0day_is_used_for_targeted_attacks/)\n- 2011.03 [pediy] [[Original] PoC analysis assistant: ShellcodeDumper](https://bbs.pediy.com/thread-131265.htm)\n- 2011.03 [pediy] [[Original] Shellcode analysis of a Word overflow sample](https://bbs.pediy.com/thread-130249.htm)\n- 2010.09 [pediy] [[Original] Shellcode analysis for the CVE-2006-2389 vulnerability](https://bbs.pediy.com/thread-121380.htm)\n- 2010.09 [pediy] [[Original] Brief shellcode analysis for the CVE-2010-1297 vulnerability](https://bbs.pediy.com/thread-121236.htm)\n- 2010.06 [forcepoint] [Crypto-Analysis in Shellcode Detection](https://www.forcepoint.com/blog/security-labs/crypto-analysis-shellcode-detection)\n- 2010.01 [hexblog] [PDF file loader to extract and analyse shellcode](http://www.hexblog.com/?p=110)\n- 2009.10 [pediy] [[Original] A brief discussion of shellcode on Windows](https://bbs.pediy.com/thread-99007.htm)\n- 2009.06 [microsoft] [Shellcode Analysis via MSEC Debugger Extensions](https://msrc-blog.microsoft.com/2009/06/05/shellcode-analysis-via-msec-debugger-extensions/)\n- 2009.03 [alienvault] [Ossim: Shellcode Detection and Analysis](https://www.alienvault.com/blogs/labs-research/ossim-shellcode-detection-and-analysis)\n- 2008.10 [pediy] [[Original] Analysis of the shellcode in a Word overflow sample](https://bbs.pediy.com/thread-75517.htm)\n- 2008.09 [sans] [Static analysis of Shellcode - Part 2](https://isc.sans.edu/forums/diary/Static+analysis+of+Shellcode+Part+2/4972/)\n- 2008.09 [sans] [Static analysis of Shellcode](https://isc.sans.edu/forums/diary/Static+analysis+of+Shellcode/4970/)\n- 2008.06 [pediy] 
[[Original] Analysis of the shellcode used by a Flash vulnerability](https://bbs.pediy.com/thread-65907.htm)\n- 2007.12 [pediy] [[Technical Topic] Introduction to software vulnerability analysis_6_Basic shellcode_Locating the buffer](https://bbs.pediy.com/thread-56755.htm)\n- 2007.06 [pediy] [[Original] Detailed analysis of a shellcode](https://bbs.pediy.com/thread-46068.htm)\n- 2007.04 [msreverseengineering] [Shellcode Analysis](http://www.msreverseengineering.com/blog/2014/6/22/shellcode-analysis)\n- 2006.11 [pediy] [[Original] Using SoftICE to analyze the shellcode of a program that bundles a trojan or exe file into a doc](https://bbs.pediy.com/thread-34664.htm)\n\n\n# \u003ca id=\"2783a12f735d75d4d9dd34aade4e27fd\"\u003e\u003c/a\u003eBypassXxx\n\n\n***\n\n\n## \u003ca id=\"68671811bf65fa44f770f9b7bf35edba\"\u003e\u003c/a\u003eAV\n\n\n### \u003ca id=\"501a34037beb98f8db25e453dc8c6178\"\u003e\u003c/a\u003eTools\n\n\n- [**322** stars][1m] [C#] [hackplayers/salsa-tools](https://github.com/hackplayers/salsa-tools) ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP/Shellcode/SILENTTRINITY and AV bypass, AMSI patched\n- [**195** stars][1y] [Py] [mr-un1k0d3r/unibyav](https://github.com/mr-un1k0d3r/unibyav) A simple obfuscator that takes raw shellcode and generates executables that are anti-virus friendly.\n- [**177** stars][3y] [Py] [arno0x/shellcodewrapper](https://github.com/arno0x/shellcodewrapper) Multi-language shellcode wrapper with encoding/encryption support. Can be used to bypass antivirus\n- [**84** stars][2y] [C] [hvqzao/foolavc](https://github.com/hvqzao/foolavc) foolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV\n- [**78** stars][1m] [Py] [k8gege/scrun](https://github.com/k8gege/scrun) BypassAV ShellCode Loader (Cobaltstrike/Metasploit)\n\n\n### \u003ca id=\"e4f187de8742002a534b4140989904a4\"\u003e\u003c/a\u003eArticles\n\n\n- 2020.03 [freebuf] [RAT AV evasion from beginner to practice (8): shellcode AV evasion in practice](https://www.freebuf.com/articles/system/228233.html)\n- 2020.02 [aliyun] [A summary of shellcode AV-evasion techniques](https://xz.aliyun.com/t/7170)\n- 2019.12 [aliyun] [Getting past antivirus with encrypted shellcode](https://xz.aliyun.com/t/6995)\n- 2019.05 [4hou] [Bypassing antivirus: a fileless attack that receives shellcode over the network, and how to detect it](https://www.4hou.com/technology/16845.html)\n- 2017.08 [modexp] [Using a hash function named Maru to create a permutable API 
hash and evade antivirus detection](https://modexp.wordpress.com/2017/08/05/shellcode-maru-hash/)\n- 2017.03 [4hou] [The art of AV evasion: the most complete collection of assembly shellcode techniques ever (3)](http://www.4hou.com/technology/3893.html)\n- 2017.03 [pentest] [Art of Anti Detection (Part 3: Shellcode Alchemy)](https://pentest.blog/art-of-anti-detection-3-shellcode-alchemy/)\n- 2015.09 [] [Building an AV-evading MSF payload with shellcode](http://www.91ri.org/14240.html)\n- 2013.08 [] [Encoding MSF shellcode to bypass antivirus](http://www.91ri.org/6877.html)\n\n\n\n\n***\n\n\n## \u003ca id=\"8c1f3c12de652e3cb2e2d92d28d762d8\"\u003e\u003c/a\u003eTools\n\n\n- [**262** stars][2y] [Py] [cryptolok/morphaes](https://github.com/cryptolok/morphaes) Polymorphic shellcode engine with metamorphic properties, capable of bypassing sandboxes and IDPS detection\n- [**226** stars][7m] [Py] [infosecn1nja/maliciousmacromsbuild](https://github.com/infosecn1nja/maliciousmacromsbuild) Generates malicious macros that execute PowerShell or shellcode via MSBuild to bypass whitelisting\n- [**159** stars][3m] [Py] [rvn0xsy/cooolis-ms](https://github.com/rvn0xsy/cooolis-ms) Cooolis-ms is a server that supports the Metasploit Framework RPC. It is used to work with the Shellcode and PE loader. To some extent, it bypasses the static killing of anti-virus software, and allows the Cooolis-ms server to communicate with the Metasploit server. 
Separation.\n- [**154** stars][2m] [C#] [fireeye/duedlligence](https://github.com/fireeye/duedlligence) Shellcode runner for all application whitelisting bypasses\n- [**3** stars][2y] [Py] [manojcode/foxit-reader-rce-with-virualalloc-and-shellcode-for-cve-2018-9948-and-cve-2018-9958](https://github.com/manojcode/foxit-reader-rce-with-virualalloc-and-shellcode-for-cve-2018-9948-and-cve-2018-9958) Foxit Reader version 9.0.1.1049 Use After Free with ASLR and DEP bypass on heap\n\n\n***\n\n\n## \u003ca id=\"fa01326b5bfe12e5417c0f4d30146245\"\u003e\u003c/a\u003eArticles\n\n\n- 2019.11 [freebuf] [Red vs. blue: how to use shellcode to evade security detection](https://www.freebuf.com/articles/system/216742.html)\n- 2019.03 [360] [How to use OOB data to bypass firewall blocking of shellcode](https://www.anquanke.com/post/id/173610/)\n- 2018.07 [pediy] [[Translation] English Shellcode - prose-like shellcode - an approach to bypassing static detection of payloads](https://bbs.pediy.com/thread-229634.htm)\n- 2017.08 [pediy] [[Original][Original] Finding a sweet spot for shellcode - bypassing PXN via VDSO](https://bbs.pediy.com/thread-220057.htm)\n- 2017.04 [4hou] [Windows Shellcode study notes: bypassing DEP with VirtualAlloc](http://www.4hou.com/technology/4093.html)\n- 2017.03 [4hou] [Windows Shellcode study notes: bypassing DEP via VirtualProtect](http://www.4hou.com/technology/3943.html)\n- 2017.03 [3gstudent] [Windows Shellcode study notes: bypassing DEP with VirtualAlloc](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-%E5%88%A9%E7%94%A8VirtualAlloc%E7%BB%95%E8%BF%87DEP/)\n- 2017.03 [3gstudent] [Windows 
Shellcode study notes: bypassing DEP via VirtualProtect](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-%E9%80%9A%E8%BF%87VirtualProtect%E7%BB%95%E8%BF%87DEP/)\n- 2012.08 [pediy] [[Original] Flush GetPC: an anti-detection shellcode GetPC method](https://bbs.pediy.com/thread-154689.htm)\n- 2011.12 [greyhathacker] [Bypassing EMET’s EAF with custom shellcode using kernel pointer](http://www.greyhathacker.net/?p=483)\n\n\n# \u003ca id=\"82f62a71fbfb0aec18860663d4de5ec2\"\u003e\u003c/a\u003eARM\n\n\n***\n\n\n## \u003ca id=\"9ebdbbcde063e2fd71a1f9fef001315a\"\u003e\u003c/a\u003eTools\n\n\n- [**180** stars][3m] [C] [odzhan/shellcode](https://github.com/odzhan/shellcode) Shellcode for Windows/Linux/BSD\n- [**41** stars][1y] [Assembly] [therealsaumil/arm_shellcode](https://github.com/therealsaumil/arm_shellcode) Make ARM Shellcode Great Again\n\n\n***\n\n\n## \u003ca id=\"c7014efbebcc4831883c878a9c4b1736\"\u003e\u003c/a\u003eArticles\n\n\n- 2019.06 [hitbsecconf] [#HITB2019AMS D1T1 - Make ARM Shellcode Great Again - Saumil Shah](https://www.youtube.com/watch?v=c_jUELOScLc)\n- 2019.04 [X0x0FFB347] [Shellcode for IoT: A Password-Protected Reverse Shell (Linux/ARM)](https://medium.com/p/a18fcda4853b)\n- 2019.02 [senr] [Why is My Perfectly Good Shellcode Not Working?: Cache Coherency on MIPS and ARM](https://blog.senr.io/blog/why-is-my-perfectly-good-shellcode-not-working-cache-coherency-on-mips-and-arm)\n- 2018.10 [Cooper] [Hack.lu 2018: Make ARM Shellcode Great Again - Saumil Udayan Shah](https://www.youtube.com/watch?v=9tx293lbGuc)\n- 2018.02 [modexp] [A beginner's guide to ARM assembly](https://modexp.wordpress.com/2018/02/04/arm-crypto/)\n- 2017.09 [modexp] [Shellcode: Linux ARM (AArch64)](https://modexp.wordpress.com/2017/09/11/shellcode-linux-aarch64/)\n- 2017.09 [modexp] [Shellcode: Linux ARM Thumb mode](https://modexp.wordpress.com/2017/09/09/shellcode-linux-arm-thumb/)\n- 2016.08 [arxiv] [[1608.03415] ARMv8 Shellcodes from 'A' to 'Z'](https://arxiv.org/abs/1608.03415)\n- 2015.07 [osandamalith] [Getting 
Shellcode from ARM Binaries](https://osandamalith.com/2015/07/02/getting-shellcode-from-arm-binaries/)\n\n\n# \u003ca id=\"bfaa9390189b5c4ab46ca5631adf3453\"\u003e\u003c/a\u003eOther\n\n\n***\n\n\n## \u003ca id=\"16001cb2fae35b722deaa3b9a8e5f4d5\"\u003e\u003c/a\u003eTools\n\n\n### \u003ca id=\"714ed53324dd30fc14a3ca7c02b9fc1c\"\u003e\u003c/a\u003eCollections\n\n\n- [**981** stars][1m] [Py] [nullsecuritynet/tools](https://github.com/nullsecuritynet/tools) Collection: security tools, exploits, PoCs, shellcode, scripts\n\n\n### \u003ca id=\"98d70f3829393b5da364689bc902bab0\"\u003e\u003c/a\u003eNewly Added\n\n\n- [**179** stars][2y] [PS] [mattifestation/pic_bindshell](https://github.com/mattifestation/pic_bindshell) Position Independent Windows Shellcode Written in C\n- [**156** stars][3y] [Py] [secretsquirrel/fido](https://github.com/secretsquirrel/fido) Teaching old shellcode new tricks\n- [**155** stars][4y] [C] [ixty/xarch_shellcode](https://github.com/ixty/xarch_shellcode) Cross Architecture Shellcode in C\n- [**148** stars][4y] [Py] [kgretzky/python-x86-obfuscator](https://github.com/kgretzky/python-x86-obfuscator) This is a **WIP** tool that performs shellcode obfuscation in x86 instruction set.\n- [**129** stars][4y] [Assembly] [osirislab/shellcode](https://github.com/osirislab/Shellcode) a repository of Shellcode written by students in NYU-Polytechnic's ISIS lab.\n- [**124** stars][6y] [tombkeeper/shellcode_template_in_c](https://github.com/tombkeeper/shellcode_template_in_c) \n- [**115** stars][5y] [C] [mariovilas/shellcode_tools](https://github.com/mariovilas/shellcode_tools) Miscellaneous tools written in Python, mostly centered around shellcodes.\n- [**76** stars][2y] [Assembly] [zznop/pop-nedry](https://github.com/zznop/pop-nedry) x86-64 Windows shellcode that recreates the Jurassic Park hacking scene (Ah, ah, ah... 
you didn't say the magic word!)\n- [**66** stars][4y] [Assembly] [scorchsecurity/systorm](https://github.com/scorchsecurity/systorm) NASM Standard Library for shellcode\n- [**60** stars][1m] [Py] [ohjeongwook/shellcodeemulator](https://github.com/ohjeongwook/shellcodeemulator) Shellcode emulator written with Unicorn\n- [**60** stars][2m] [VBScript] [djhohnstein/scatterbrain](https://github.com/djhohnstein/scatterbrain) Suite of Shellcode Running Utilities\n- [**59** stars][4y] [C] [k2/admmutate](https://github.com/k2/admmutate) Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others\n- [**57** stars][3m] [C] [buffer/libemu](https://github.com/buffer/libemu) x86 emulation and shellcode detection\n- [**56** stars][6y] [C] [devzero2000/shellcoderhandbook](https://github.com/devzero2000/shellcoderhandbook) shellcoderhandbook source code : \"The Shellcoder's Handbook: Discovering and Exploiting Security Holes\"\n- [**49** stars][4y] [Assembly] [t00sh/assembly](https://github.com/t00sh/assembly) Collection of Linux shellcodes\n- [**44** stars][3y] [C] [p0cl4bs/shellcodes](https://github.com/p0cl4bs/shellcodes) \n- [**44** stars][1m] [Py] [offsecginger/pythonaesobfuscate](https://github.com/offsecginger/pythonaesobfuscate) Obfuscates a Python Script and the accompanying Shellcode.\n- [**43** stars][8y] [C] [hellman/shtest](https://github.com/hellman/shtest) Simple shellcode testing tool.\n- [**39** stars][4y] [C] [laginimaineb/waroftheworlds](https://github.com/laginimaineb/waroftheworlds) QSEE Shellcode to directly hijack the \"Normal World\" Linux Kernel\n- [**38** stars][5m] [Py] [desword/shellcode_tools](https://github.com/desword/shellcode_tools) Useful tools for writing shellcode\n- [**38** stars][4y] [Assembly] [sh3llc0d3r1337/windows_reverse_shell_1](https://github.com/sh3llc0d3r1337/windows_reverse_shell_1) Windows Reverse Shell shellcode\n- [**36** stars][3y] [Assembly] [mortenschenk/token-stealing-shellcode](https://github.com/mortenschenk/token-stealing-shellcode) \n- 
[**34** stars][8m] [C] [csandker/inmemoryshellcode](https://github.com/csandker/inmemoryshellcode) A Collection of In-Memory Shellcode Execution Techniques for Windows\n- [**34** stars][2m] [Py] [skybulk/bin2sc](https://github.com/skybulk/bin2sc) Binary to shellcode from an object/executable format 32 \u0026 64-bit PE , ELF\n- [**33** stars][3y] [Py] [mipu94/broids_unicorn](https://github.com/mipu94/broids_unicorn) simple plugin to detect shellcode on Bro IDS with Unicorn\n- [**27** stars][7y] [C] [hacksysteam/shellcodeofdeath](https://github.com/hacksysteam/shellcodeofdeath) Shellcode Of Death\n- [**26** stars][2y] [C] [embedi/tcl_shellcode](https://github.com/embedi/tcl_shellcode) A template project for creating a shellcode for the Cisco IOS in the C language\n- [**26** stars][5m] [C] [ufrisk/shellcode64](https://github.com/ufrisk/shellcode64) A minimal tool to extract shellcode from 64-bit PE binaries.\n- [**25** stars][3y] [C] [osandamalith/shellcodes](https://github.com/osandamalith/shellcodes) My Shellcode Archive\n- [**25** stars][5y] [C++] [rootkitsmm/winio-vidix](https://github.com/rootkitsmm/winio-vidix) Exploit WinIo - Vidix and Run Shellcode in Windows Kernel ( local Privilege escalation )\n- [**24** stars][5y] [C#] [tophertimzen/shellcodetester](https://github.com/tophertimzen/shellcodetester) GUI Application in C# to run and disassemble shellcode\n- [**23** stars][5y] [Assembly] [zerosum0x0/slae64](https://github.com/zerosum0x0/slae64) x64 Linux Shellcode\n- [**23** stars][3m] [Py] [zerosteiner/crimson-forge](https://github.com/zerosteiner/crimson-forge) Sustainable shellcode evasion\n- [**21** stars][4y] [Visual Basic .NET] [osandamalith/vbshellcode](https://github.com/osandamalith/vbshellcode) Making shellcode UD -\n- [**20** stars][2y] [Py] [danielhenrymantilla/shellcode-factory](https://github.com/danielhenrymantilla/shellcode-factory) Tool to create and test shellcodes from custom assembly sources (with some encoding options)\n- [**20** stars][5m] [Assembly] 
[pinkp4nther/shellcodes](https://github.com/pinkp4nther/shellcodes) I'll post my custom shellcode I make here!\n- [**20** stars][1y] [C] [m0rv4i/ridgway](https://github.com/m0rv4i/ridgway) A quick tool for hiding a new process running shellcode.\n- [**19** stars][4y] [Assembly] [bruce30262/x86_shellcode_tutorial](https://github.com/bruce30262/x86_shellcode_tutorial) A training course for BambooFox\n- [**17** stars][2y] [Py] [hamza-megahed/pentest-with-shellcode](https://github.com/hamza-megahed/pentest-with-shellcode) Penetration testing with shellcode codes\n- [**15** stars][1m] [C] [compilepeace/kaal_bhairav](https://github.com/compilepeace/kaal_bhairav) an ELF (ET_EXEC and ET_DYN) infector that infects system binaries with custom shellcode\n- [**15** stars][2y] [Py] [nullarray/shellware](https://github.com/nullarray/shellware) Persistent bind shell via pythonic shellcode execution, and registry tampering.\n- [**11** stars][8m] [Assembly] [egebalci/selfdefense](https://github.com/EgeBalci/SelfDefense) Several self-defense shellcodes\n- [**10** stars][2y] [Py] [1project/scanr](https://github.com/1project/scanr) Detect x86 shellcode in files and traffic.\n- [**10** stars][3m] [C] [hc0d3r/scdump](https://github.com/hc0d3r/scdump) shellcode dumper\n- [**9** stars][11m] [C] [eahlstrom/ucui-unicorn](https://github.com/eahlstrom/ucui-unicorn) ncurses shellcode/instructions tester using unicorn-engine\n- [**8** stars][3y] [Py] [breaktoprotect/shellcarver](https://github.com/breaktoprotect/shellcarver) Carve shellcode in memory using a restricted character set. A manual version of msfvenom -b\n- [**8** stars][5y] [hoainam1989/shellcode](https://github.com/hoainam1989/shellcode) Tut for making Linux Shellcode\n- [**7** stars][3y] [Assembly] [mortenschenk/acl_edit](https://github.com/mortenschenk/acl_edit) Assembly code to use for Windows kernel shellcode to edit winlogon.exe ACL\n- [**7** stars][11m] [C] [lnslbrty/bufflow](https://github.com/lnslbrty/bufflow) A collection of security related code examples e.g. 
a buffer overflow including an exploit, crypters, shellcodes and more.\n- [**6**星][3y] [C] [degrigis/exploitation](https://github.com/degrigis/exploitation) Repo for various exploitation utilities/PoC/Shellcodes/CTF solutions\n- [**6**星][11m] [Assembly] [govolution/win32shellcode](https://github.com/govolution/win32shellcode) \n- [**4**星][4y] [Assembly] [theevilbit/shellcode](https://github.com/theevilbit/shellcode) Some random shellcodes I created\n- [**2**星][5y] [Assembly] [govolution/moreshellcode](https://github.com/govolution/moreshellcode) \n- [**2**星][2y] [hamza-megahed/shellcode](https://github.com/hamza-megahed/shellcode) Linux/x86 Shellcodes\n- [**1**星][2y] [orf53975/rig-exploit-for-cve-2018-8174](https://github.com/orf53975/rig-exploit-for-cve-2018-8174) Rig Exploit for CVE-2018-8174 As with its previous campaigns, Rig’s Seamless campaign uses malvertising. In this case, the malvertisements have a hidden iframe that redirects victims to Rig’s landing page, which includes an exploit for CVE-2018-8174 and shellcode. 
This enables remote code execution of the shellcode obfuscated in the landing page…\n- [**1**星][3y] [Ruby] [shayanzare/obj2shellcode](https://github.com/shayanzare/obj2shellcode) Objdump to ShellCode\n- [**1**星][6y] [Assembly] [stephenbradshaw/shellcode](https://github.com/stephenbradshaw/shellcode) Various shell code I have written\n- [**1**星][6m] [Assembly] [push4d/shellcode-alfanumerico---spawn-bin-sh-elf-x86-](https://github.com/push4d/shellcode-alfanumerico---spawn-bin-sh-elf-x86-) PoC alphanumeric shellcode (digits and letters only, upper and lower case) to spawn a /bin/sh, ELF x86\n- [**1**星][10y] [Assembly] [skylined/w32-bind-ngs-shellcode](https://github.com/skylined/w32-bind-ngs-shellcode) Automatically exported from code.google.com/p/w32-bind-ngs-shellcode\n- [**0**星][2y] [Assembly] [felixzhang00/shellcode_example](https://github.com/felixzhang00/shellcode_example) \n- [**0**星][2y] [Py] [orangepirate/cve-2018-9948-9958-exp](https://github.com/orangepirate/cve-2018-9948-9958-exp) an exp for cve-2018-9948/9958, current shellcode called win-calc\n- [**0**星][5y] [C] [quantumvm/forkshellcode](https://github.com/quantumvm/forkshellcode) Runs an executable and forks shellcode.\n- [**0**星][4y] [Makefile] [sh3llc0d3r1337/slae32-polymorphic-shellcodes](https://github.com/sh3llc0d3r1337/slae32-polymorphic-shellcodes) SLAE32 Assignment #6 - Polymorphic shellcodes\n- [**0**星][5y] [Py] [wjlandryiii/shellcode](https://github.com/wjlandryiii/shellcode) my shellcode\n\n\n### \u003ca id=\"d342759bd2543421de29133d9b376df8\"\u003e\u003c/a\u003eOther\n\n\n- [**2425**星][2y] [Py] [secretsquirrel/the-backdoor-factory](https://github.com/secretsquirrel/the-backdoor-factory) Adds shellcode backdoors to PE, ELF and Mach-O binaries\n- [**2209**星][1m] [Py] [trustedsec/unicorn](https://github.com/trustedsec/unicorn) Injects shellcode directly into memory via a PowerShell downgrade attack\n- [**664**星][1y] [Rust] [endgameinc/xori](https://github.com/endgameinc/xori) Automated disassembly and static analysis library for PE32, 32+ and shellcode\n- [**470**星][3y] [Py] 
[trustedsec/meterssh](https://github.com/trustedsec/meterssh) Injects shellcode into memory, then tunnels it over SSH (any port, disguised as an ordinary SSH connection)\n- [**430**星][2m] [C] [hasherezade/hollows_hunter](https://github.com/hasherezade/hollows_hunter) Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).\n- [**225**星][1m] [PS] [outflanknl/excel4-dcom](https://github.com/outflanknl/excel4-dcom) PowerShell and Cobalt Strike scripts for lateral movement by executing Excel 4.0/XLM macros via DCOM (injects shellcode directly into Excel.exe)\n\n\n\n\n***\n\n\n## \u003ca id=\"7d2b1d324dbfb20c3c6da343e9443a5c\"\u003e\u003c/a\u003eArticles\n\n\n### \u003ca id=\"596105c2fa0590982160279ebd1b1eac\"\u003e\u003c/a\u003eRecently Added\n\n\n- 2020.02 [3gstudent] [通过Mono(跨平台.NET运行环境)执行shellcode](https://3gstudent.github.io/3gstudent.github.io/%E9%80%9A%E8%BF%87Mono(%E8%B7%A8%E5%B9%B3%E5%8F%B0.NET%E8%BF%90%E8%A1%8C%E7%8E%AF%E5%A2%83)%E6%89%A7%E8%A1%8Cshellcode/)\n- 2020.02 [3gstudent] [通过Boolang语言执行shellcode的利用分析](https://3gstudent.github.io/3gstudent.github.io/%E9%80%9A%E8%BF%87Boolang%E8%AF%AD%E8%A8%80%E6%89%A7%E8%A1%8Cshellcode%E7%9A%84%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90/)\n- 2019.12 [johnlatwc] [Early Security Stories — Green Shellcode Contest](https://medium.com/p/c9aa151b441c)\n- 2019.11 [aliyun] [shellcode 的艺术](https://xz.aliyun.com/t/6645)\n- 2019.08 [osandamalith] [Running Shellcode Directly in C](https://osandamalith.com/2019/08/27/running-shellcode-directly-in-c/)\n- 2019.08 [code610] [ret2shellcode challenge](https://code610.blogspot.com/2019/08/ret2shellcode-challenge.html)\n- 2019.08 [sentinelone] [Malicious Input: How Hackers Use Shellcode](https://www.sentinelone.com/blog/malicious-input-how-hackers-use-shellcode/)\n- 2019.07 [pcsxcetrasupport3] [Those Pesky Powershell Shellcode’s And How To Understand Them](https://pcsxcetrasupport3.wordpress.com/2019/07/07/those-pesky-powershell-shellcodes-and-how-to-understand-them/)\n- 2019.07 [gironsec] [A Shellcode 
Idea](https://www.gironsec.com/blog/2019/07/a-shellcode-idea/)\n- 2019.06 [gironsec] [Expiring Shellcode update](https://www.gironsec.com/blog/2019/06/expiring-shellcode-update/)\n- 2019.05 [X0x0FFB347] [Solving MalwareTech Shellcode challenges with some radare2 magic!](https://medium.com/p/b91c85babe4b)\n- 2019.05 [osandamalith] [Shellcode to Dump the Lsass Process](https://osandamalith.com/2019/05/11/shellcode-to-dump-the-lsass-process/)\n- 2019.03 [vkremez] [Let's Learn: Dissecting Operation ShadowHammer Shellcode Internals in crt_ExitProcess](https://www.vkremez.com/2019/03/lets-learn-dissecting-operation.html)\n- 2019.03 [X0x0FFB347] [A Trinity of Shellcode, AES \u0026 Go](https://medium.com/p/f6cec854f992)\n- 2019.03 [BorjaMerino] [One-Way Shellcode for firewall evasion using Out Of Band data](https://www.youtube.com/watch?v=wbG7M_Z7GRk)\n- 2019.03 [shelliscoming] [One-Way Shellcode for firewall evasion using Out Of Band data](https://www.shelliscoming.com/2019/03/one-way-shellcode-for-firewall-evasion.html)\n- 2019.03 [pcsxcetrasupport3] [A look at a bmp file with embedded shellcode](https://pcsxcetrasupport3.wordpress.com/2019/03/02/a-look-at-a-bmp-file-with-embedded-shellcode/)\n- 2019.01 [fuzzysecurity] [FreeFloat FTP (custom shellcode)](http://fuzzysecurity.com/exploits/12.html)\n- 2019.01 [fuzzysecurity] [Windows XP PRO SP3 - Full ROP calc shellcode](http://fuzzysecurity.com/exploits/ropshell2.html)\n- 2019.01 [micropoor] [Micropoor_shellcode for payload backdoor](https://micropoor.blogspot.com/2019/01/micropoorshellcode-for-payload-backdoor.html)\n- 2019.01 [ironcastle] [Maldoc with Nonfunctional Shellcode, (Wed, Jan 2nd)](https://www.ironcastle.net/maldoc-with-nonfunctional-shellcode-wed-jan-2nd/)\n- 2019.01 [sans] [Maldoc with Nonfunctional Shellcode](https://isc.sans.edu/forums/diary/Maldoc+with+Nonfunctional+Shellcode/24478/)\n- 2018.11 [MalwareTech] [Beginner Reversing #3 (Shellcode2 \u0026 Lab 
Overview)](https://www.youtube.com/watch?v=jm4DmdygLvw)\n- 2018.10 [MalwareTech] [Beginner Reversing #2 (Shellcode1 \u0026 MEMZ Malware)](https://www.youtube.com/watch?v=b0WQwCQGjv4)\n- 2018.10 [doyler] [Custom Shellcode Crypter – SLAE Exam Assignment #7](https://www.doyler.net/security-not-included/custom-shellcode-crypter)\n- 2018.09 [doyler] [Polymorphic Shellcode – SLAE Exam Assignment #6](https://www.doyler.net/security-not-included/polymorphic-shellcode)\n- 2018.09 [malwarenailed] [Reversing shellcode using blobrunner and Olly](http://malwarenailed.blogspot.com/2018/09/reversing-shellcode-using-blobrunner.html)\n- 2018.08 [secist] [MMFML-powershell-shellcode](http://www.secist.com/archives/7055.html)\n- 2018.08 [doyler] [Shellcode Encoding – Random Bytewise XOR (SLAE Exam #4)](https://www.doyler.net/security-not-included/shellcode-encoding-random-bytewise-xor)\n- 2018.08 [nightst0rm] [Tản mạn về edit shellcode của metasploit](https://medium.com/p/8b8992ebbf39)\n- 2018.08 [trendmicro] [Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode](https://blog.trendmicro.com/trendlabs-security-intelligence/use-after-free-uaf-vulnerability-cve-2018-8373-in-vbscript-engine-affects-internet-explorer-to-run-shellcode/)\n- 2018.08 [doyler] [Egg Hunter Shellcode – SLAE Exam Assignment #3](https://www.doyler.net/security-not-included/egg-hunter-shellcode)\n- 2018.07 [doyler] [Shell Reverse TCP Shellcode – SLAE Exam Assignment #2](https://www.doyler.net/security-not-included/shell-reverse-tcp-shellcode)\n- 2018.07 [doyler] [Shell Bind TCP Shellcode – SLAE Exam Assignment #1](https://www.doyler.net/security-not-included/shell-bind-tcp-shellcode)\n- 2018.06 [pediy] [[原创]windows下shellcode提取模板的实现](https://bbs.pediy.com/thread-229398.htm)\n- 2018.06 [doyler] [Hello World Shellcode – Now for the fun part!](https://www.doyler.net/security-not-included/hello-world-shellcode)\n- 2018.06 [shelliscoming] [Windows reuse shellcode 
based on socket's lifetime](https://www.shelliscoming.com/2018/06/windows-reuse-shellcode-based-on.html)\n- 2018.05 [aliyun] [溢出过程需要的shellcode测试](https://xz.aliyun.com/t/2349)\n- 2018.05 [pentestingexperts] [smap: Shellcode mapper](http://www.pentestingexperts.com/smap-shellcode-mapper-2/)\n- 2018.05 [rapid7] [隐藏Metasploit Shellcode, 躲避Windows Defender检测](https://blog.rapid7.com/2018/05/03/hiding-metasploit-shellcode-to-evade-windows-defender/)\n- 2018.04 [sploitspren] [Linux x86 Polymorphic Shellcode](https://www.sploitspren.com/2018-04-20-Linux-x86-Polymorphic-Shellcode/)\n- 2018.04 [sploitspren] [Linux x86 Polymorphic Shellcode](https://www.absolomb.com/2018-04-20-Linux-x86-Polymorphic-Shellcode/)\n- 2018.04 [venus] [Cisco ios shellcode: all-in-one译文](https://paper.seebug.org/569/)\n- 2018.04 [aliyun] [Coding art in shellcode（3）](https://xz.aliyun.com/t/2245)\n- 2018.04 [aliyun] [Coding art in shellcode（2）](https://xz.aliyun.com/t/2244)\n- 2018.04 [aliyun] [Coding art in shellcode（1）](https://xz.aliyun.com/t/2243)\n- 2018.02 [360] [Windows(x86与x64) Shellcode技术研究](https://www.anquanke.com/post/id/97601/)\n- 2018.01 [trackwatch] [Improving custom shellcode detection](http://trackwatch.com/improving-custom-shellcode-detection/)\n- 2017.12 [OALabs] [Debugging shellcode using BlobRunner and IDA Pro](https://www.youtube.com/watch?v=q9q8dy-2Jeg)\n- 2017.11 [360] [Egg Hunting：一个非常短的shellcode](https://www.anquanke.com/post/id/87321/)\n- 2017.11 [modexp] [可以当作推文发送的 x86 Windows 反向 Shell](https://modexp.wordpress.com/2017/11/16/tweetable-shellcode-windows/)\n- 2017.11 [trackwatch] [[CODEBREAKER] Présentation de la détection des shellcodes encodés sur GATEWATCHER sur Windows Server 2008 R2 (Version 2.X minimum)](http://trackwatch.com/codebreaker-presentation-de-la-detection-des-shellcodes-encodes-sur-gatewatcher-sur-windows-server-2008-r2-version-2-x-minimum/)\n- 2017.11 [mediaservice] [A patch for PowerSploit’s 
Invoke-Shellcode.ps1](https://techblog.mediaservice.net/2017/11/a-patch-for-powersploits-invoke-shellcode-ps1/)\n- 2017.10 [freebuf] [用TEB结构实现ShellCode的通用性](http://www.freebuf.com/articles/system/150474.html)\n- 2017.10 [trackwatch] [[CODEBREAKER] Présentation de la détection des shellcodes encodés sur GATEWATCHER sur Linux (Version 2.X minimum)](http://trackwatch.com/codebreaker-presentation-de-la-detection-des-shellcodes-encodes-sur-gatewatcher-sur-linux-version-2-x-minimum/)\n- 2017.10 [trackwatch] [[CODEBREAKER] Présentation de la détection des shellcodes custom non encodés sur GATEWATCHER sur Windows XP (Version 2.5 minimum)](http://trackwatch.com/codebreaker-presentation-de-la-detection-des-shellcodes-custom-non-encodes-sur-gatewatcher-sur-windows-xp-version-2-5-minimum/)\n- 2017.09 [aliyun] [Shellcode另类使用方式](https://xz.aliyun.com/t/56)\n- 2017.08 [360] [HITB GSEC CTF Win Pwn解题全记录之babyshellcode](https://www.anquanke.com/post/id/86717/)\n- 2017.08 [venus] [HITB GSEC CTF Win Pwn 解题全记录之 babyshellcode](https://paper.seebug.org/378/)\n- 2017.08 [360] [通过Shellcode聚类识别定向攻击（APT）相关的恶意代码](https://www.anquanke.com/post/id/86700/)\n- 2017.08 [vkremez] [Let's Learn: Preparing Shellcode in NASM](https://www.vkremez.com/2017/08/preparing-shellcode-in-nasm.html)\n- 2017.08 [4hou] [教你如何使用分组密码对shellcode中的windows api字符串进行加密](http://www.4hou.com/info/news/7070.html)\n- 2017.07 [ColinHardy] [Extract Shellcode from Fileless Malware like a Pro](https://www.youtube.com/watch?v=jbieGfML0Bs)\n- 2017.06 [modexp] [Shellcode: The hunt for GetProcAddress](https://modexp.wordpress.com/2017/06/21/shellcode-getprocaddress/)\n- 2017.06 [nsfocus] [手把手简易实现shellcode及详解](http://blog.nsfocus.net/simple-realization-hand-handle-shellcode-detailed-explanation/)\n- 2017.06 [pediy] [[翻译]Shellcode:x86优化 part 1](https://bbs.pediy.com/thread-218410.htm)\n- 2017.06 [modexp] [Shellcode: x86 优化方案（part 1）。Part 1 
包括4部分：变量/寄存器的声明和初始化、测试变量/寄存器的值、条件跳转和控制流、字符转换](https://modexp.wordpress.com/2017/06/07/x86-trix-one/)\n- 2017.05 [secist] [ShellCode入门（提取ShellCode）](http://www.secist.com/archives/3538.html)\n- 2017.05 [secist] [任意程序添加ShellCode](http://www.secist.com/archives/3472.html)\n- 2017.05 [abatchy] [Linux/x86 - Disable ASLR Shellcode (71 bytes)](http://www.abatchy.com/2017/05/linuxx86-disable-aslr-shellcode-71-bytes)\n- 2017.04 [abatchy] [Shellcode reduction tips (x86)](http://www.abatchy.com/2017/04/shellcode-reduction-tips-x86)\n- 2017.03 [pediy] [[原创][shellcode框架（一）] 认识shellcode，部署shellcode开放框架](https://bbs.pediy.com/thread-216608.htm)\n- 2017.03 [360] [探索基于Windows 10的Windows内核Shellcode（Part 4）](https://www.anquanke.com/post/id/85770/)\n- 2017.03 [improsec] [Windows Kernel Shellcode on Windows 10 – Part 4 - There is No Code](https://improsec.com/blog/windows-kernel-shellcode-on-windows-10-part-4-there-is-no-code)\n- 2017.03 [360] [探索基于Windows 10的Windows内核Shellcode（Part 3）](https://www.anquanke.com/post/id/85735/)\n- 2017.03 [360] [智能逃避IDS——RSA非对称多态SHELLCODE](https://www.anquanke.com/post/id/85711/)\n- 2017.03 [4hou] [Windows Shellcode学习笔记——Shellcode的提取与测试](http://www.4hou.com/technology/3623.html)\n- 2017.03 [improsec] [Windows Kernel Shellcode on Windows 10 – Part 3](https://improsec.com/blog/windows-kernel-shellcode-on-windows-10-part-3)\n- 2017.03 [360] [探索基于Windows 10的Windows内核Shellcode（Part 2）](https://www.anquanke.com/post/id/85669/)\n- 2017.03 [360] [探索基于Windows 10的Windows内核Shellcode（Part 1）](https://www.anquanke.com/post/id/85666/)\n- 2017.03 [360] [反侦测的艺术part3：shellcode炼金术](https://www.anquanke.com/post/id/85648/)\n- 2017.03 [4hou] [Windows Shellcode学习笔记——栈溢出中对jmp esp的利用与优化](http://www.4hou.com/technology/3655.html)\n- 2017.03 [improsec] [Windows Kernel Shellcode on Windows 10 – Part 2](https://improsec.com/blog/windows-kernel-shellcode-on-windows-10-part-2)\n- 2017.03 [4hou] [Windows 
Shellcode学习笔记——shellcode在栈溢出中的利用与优化](http://www.4hou.com/technology/3654.html)\n- 2017.03 [3gstudent] [Windows Shellcode学习笔记——栈溢出中对jmp esp的利用与优化](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-%E6%A0%88%E6%BA%A2%E5%87%BA%E4%B8%AD%E5%AF%B9jmp-esp%E7%9A%84%E5%88%A9%E7%94%A8%E4%B8%8E%E4%BC%98%E5%8C%96/)\n- 2017.03 [osandamalith] [Shellcode to Scroll your Desktop Vertically and Horizontally](https://osandamalith.com/2017/03/02/shellcode-to-scroll-your-desktop-vertically-and-horizontally/)\n- 2017.03 [pediy] [[原创]PE2Shellcode](https://bbs.pediy.com/thread-216034.htm)\n- 2017.03 [3gstudent] [Windows Shellcode学习笔记——栈溢出中对jmp esp的利用与优化](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-%E6%A0%88%E6%BA%A2%E5%87%BA%E4%B8%AD%E5%AF%B9jmp-esp%E7%9A%84%E5%88%A9%E7%94%A8%E4%B8%8E%E4%BC%98%E5%8C%96/)\n- 2017.02 [osandamalith] [Shellcode to Scroll Your Desktop Horizontally](https://osandamalith.com/2017/02/28/shellcode-to-scroll-your-desktop-horizontally/)\n- 2017.02 [osandamalith] [Shellcode to Invert Colors](https://osandamalith.com/2017/02/28/shellcode-to-invert-colors/)\n- 2017.02 [improsec] [Windows Kernel Shellcode on Windows 10 – Part 1](https://improsec.com/blog/windows-kernel-shellcode-on-windows-10-part-1)\n- 2017.02 [n0where] [Shellcode Builder: Shell Factory](https://n0where.net/shellcode-builder-shell-factory)\n- 2017.02 [3gstudent] [Windows Shellcode学习笔记——shellcode在栈溢出中的利用与优化](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-shellcode%E5%9C%A8%E6%A0%88%E6%BA%A2%E5%87%BA%E4%B8%AD%E7%9A%84%E5%88%A9%E7%94%A8%E4%B8%8E%E4%BC%98%E5%8C%96/)\n- 2017.02 [3gstudent] [Windows 
Shellcode学习笔记——shellcode在栈溢出中的利用与优化](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-shellcode%E5%9C%A8%E6%A0%88%E6%BA%A2%E5%87%BA%E4%B8%AD%E7%9A%84%E5%88%A9%E7%94%A8%E4%B8%8E%E4%BC%98%E5%8C%96/)\n- 2017.02 [csyssec] [X86 Shellcode代码混淆(一)](http://www.csyssec.org/20170223/obfuscation1/)\n- 2017.02 [modexp] [Shellcode: Dual Mode (x86 + amd64) Linux shellcode](https://modexp.wordpress.com/2017/02/20/shellcode-linux-x84/)\n- 2017.02 [3gstudent] [Windows Shellcode学习笔记——shellcode的提取与测试](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-shellcode%E7%9A%84%E6%8F%90%E5%8F%96%E4%B8%8E%E6%B5%8B%E8%AF%95/)\n- 2017.02 [3gstudent] [Windows Shellcode学习笔记——shellcode的提取与测试](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-shellcode%E7%9A%84%E6%8F%90%E5%8F%96%E4%B8%8E%E6%B5%8B%E8%AF%95/)\n- 2017.01 [modexp] [Shellcode: Dual mode PIC for x86 (Reverse and Bind Shells for Windows)](https://modexp.wordpress.com/2017/01/24/shellcode-x84/)\n- 2017.01 [modexp] [Shellcode: Solaris x86](https://modexp.wordpress.com/2017/01/23/shellcode-solaris/)\n- 2017.01 [modexp] [Shellcode: Mac OSX amd64](https://modexp.wordpress.com/2017/01/21/shellcode-osx/)\n- 2017.01 [modexp] [Shellcode: Resolving API addresses in memory](https://modexp.wordpress.com/2017/01/15/shellcode-resolving-api-addresses/)\n- 2017.01 [360] [远程漏洞利用：无需借助套接字的Shellcode](https://www.anquanke.com/post/id/85306/)\n- 2016.12 [360] [NC后门技术（shellcode版）](https://www.anquanke.com/post/id/85216/)\n- 2016.12 [modexp] [Shellcode: A Windows PIC using RSA-2048 key exchange, AES-256, SHA-3](https://modexp.wordpress.com/2016/12/26/windows-pic/)\n- 2016.12 [360] [使用PLC作为payload/shellcode分发系统（含演示视频）](https://www.anquanke.com/post/id/85159/)\n- 2016.12 [hexacorn] [Shellcode. 
I’ll Call you back.](http://www.hexacorn.com/blog/2016/12/17/shellcode-ill-call-you-back/)\n- 2016.12 [shelliscoming] [Modbus Stager: Using PLCs as a payload/shellcode distribution system](http://www.shelliscoming.com/2016/12/modbus-stager-using-plcs-as.html)\n- 2016.12 [venus] [Shellcode Compiler - 一款易用的 Shellcode 编译工具](https://paper.seebug.org/134/)\n- 2016.11 [dist67] [VBA Shellcode To Test EMET](https://www.youtube.com/watch?v=ACmcFanE658)\n- 2016.11 [sans] [VBA Shellcode and EMET](https://isc.sans.edu/forums/diary/VBA+Shellcode+and+EMET/21705/)\n- 2016.11 [msreverseengineering] [Synesthesia: Modern Shellcode Synthesis (Ekoparty 2016 Talk)](http://www.msreverseengineering.com/blog/2016/11/8/synesthesia-modern-shellcode-synthesis-ekoparty-2016-talk)\n- 2016.10 [360] [浅谈ASLR和Shellcode的那些事儿](https://www.anquanke.com/post/id/84747/)\n- 2016.09 [dist67] [Maldoc VBA: Shellcode](https://www.youtube.com/watch?v=EJMkK05-Q1o)\n- 2016.09 [3gstudent] [Study Notes Weekly No.2(Shellcode Via JScript \u0026 VBScript)](https://3gstudent.github.io/3gstudent.github.io/Study-Notes-Weekly-No.2(Shellcode-Via-JScript-\u0026-VBScript)/)\n- 2016.09 [3gstudent] [Study Notes Weekly No.2(Shellcode Via JScript \u0026 VBScript)](https://3gstudent.github.io/3gstudent.github.io/Study-Notes-Weekly-No.2(Shellcode-Via-JScript-\u0026-VBScript)/)\n- 2016.08 [paloaltonetworks] [VB Dropper and Shellcode for Hancitor Reveal New Techniques Behi](https://unit42.paloaltonetworks.com/unit42-vb-dropper-and-shellcode-for-hancitor-reveal-new-techniques-behind-uptick/)\n- 2016.08 [uaf] [openCTF 2016 - tyro_shellcode2](http://uaf.io/exploitation/2016/08/05/openCTF-tyro_shellcode2.html)\n- 2016.08 [uaf] [openCTF 2016 - tyro_shellcode](http://uaf.io/exploitation/2016/08/05/openCTF-tyro_shellcode.html)\n- 2016.08 [osandamalith] [Making your Shellcode Undetectable using .NET](https://osandamalith.com/2016/08/01/making-your-shellcode-undetectable-using-net/)\n- 2016.07 [sizzop] [Kernel Hacking With HEVD Part 3 - 
The Shellcode](https://sizzop.github.io/2016/07/07/kernel-hacking-with-hevd-part-3.html)\n- 2016.06 [breakdev] [X86 Shellcode Obfuscation - Part 3](https://breakdev.org/x86-shellcode-obfuscation-part-3/)\n- 2016.06 [paraschetal] [Gracker level7 (Ghost in the Shellcode!)](https://paraschetal.in/gracker-level07)\n- 2016.06 [mcafee] [Threat Actors Employ COM Technology in Shellcode to Evade Detection](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/threat-actors-employ-com-technology-shellcode-evade-detection/)\n- 2016.06 [mcafee] [Threat Actors Employ COM Technology in Shellcode to Evade Detection](https://securingtomorrow.mcafee.com/mcafee-labs/threat-actors-employ-com-technology-shellcode-evade-detection/)\n- 2016.06 [modexp] [Shellcode: Detection between Windows/Linux/BSD on x86 architecture](https://modexp.wordpress.com/2016/06/02/shellcode-detection/)\n- 2016.05 [angelalonso] [Malicious Excel documents with macros running shellcodes](http://blog.angelalonso.es/2016/05/malicious-excel-documents-vba-running.html)\n- 2016.05 [hackingarticles] [Hack Remote Windows 10 PC using Cypher (Adding Shellcode to PE files)](http://www.hackingarticles.in/hack-remote-windows-10-pc-using-cypher-adding-shellcode-pe-files/)\n- 2016.05 [breakdev] [X86 Shellcode Obfuscation - Part 2](https://breakdev.org/x86-shellcode-obfuscation-part-2/)\n- 2016.05 [breakdev] [X86 Shellcode Obfuscation - Part 1](https://breakdev.org/x86-shellcode-obfuscation-part-1/)\n- 2016.04 [paraschetal] [OWASP ZCR Shellcoder](https://paraschetal.in/owasp-zsc)\n- 2016.04 [modexp] [Shellcode: FreeBSD / OpenBSD amd64](https://modexp.wordpress.com/2016/04/03/x64-shellcodes-bsd/)\n- 2016.03 [modexp] [Shellcode: Linux amd64](https://modexp.wordpress.com/2016/03/31/x64-shellcodes-linux/)\n- 2016.02 [ZeroNights] [George Nosenko — Cisco IOS shellcode — all-in-one](https://www.youtube.com/watch?v=T1_TvqtO6y0)\n- 2016.02 [freebuf] [OWASP ZSC Shellcoder：定制个人专属Shellcode](http://www.freebuf.com/sectool/95250.html)\n- 
2015.11 [pediy] [[原创]我也发一个自己写的reverse_bind shellcode代码](https://bbs.pediy.com/thread-206152.htm)\n- 2015.11 [autohacker] [Android Shellcode Telnetd with Parameters](https://blog.csdn.net/autohacker/article/details/49838391)\n- 2015.09 [ly0n] [Windows bind shell universal shellcode](http://ly0n.me/2015/09/26/windows-bind-shell-universal-shellcode/)\n- 2015.09 [ly0n] [Windows bind shell universal shellcode](https://paumunoz.tech/2015/09/26/windows-bind-shell-universal-shellcode/)\n- 2015.09 [theevilbit] [Creating OSX shellcodes](http://theevilbit.blogspot.com/2015/09/creating-osx-shellcodes.html)\n- 2015.09 [bigendiansmalls] [Bind Shell – shellcode and source](https://www.bigendiansmalls.com/bind-shell-shellcode-and-source/)\n- 2015.08 [ly0n] [Windows reverse shell universal shellcode](http://ly0n.me/2015/08/29/windows-reverse-shell-universal-shellcode/)\n- 2015.08 [ly0n] [Windows reverse shell universal shellcode](https://paumunoz.tech/2015/08/29/windows-reverse-shell-universal-shellcode/)\n- 2015.08 [ly0n] [WinExec calc.exe universal shellcode](http://ly0n.me/2015/08/21/winexec-calc-exe-universal-shellcode/)\n- 2015.08 [ly0n] [WinExec calc.exe universal shellcode](https://paumunoz.tech/2015/08/21/winexec-calc-exe-universal-shellcode/)\n- 2015.08 [n0where] [OWASP ZeroDay Cyber Research Shellcoder](https://n0where.net/owasp-zeroday-cyber-research-shellcoder)\n- 2015.07 [bigendiansmalls] [Shellcode Freebie!](https://www.bigendiansmalls.com/shellcode-freebie/)\n- 2015.07 [bigendiansmalls] [Mainframe shellcode](https://www.bigendiansmalls.com/mainframe-shellcode/)\n- 2015.06 [sans] [Detecting Shellcode Hidden in Malicious Files](https://digital-forensics.sans.org/blog/2015/06/28/detecting-shellcode)\n- 2015.06 [tophertimzen] [Shellcode Techniques in C++](https://www.tophertimzen.com/blog/shellcodeTechniquesCPP/)\n- 2015.04 [govolution] [Shifting from 32bit to 64bit Linux 
Shellcode](https://govolution.wordpress.com/2015/04/21/shifting-from-32bit-to-64bit-linux-shellcode/)\n- 2015.04 [govolution] [Dumping shellcode 64bit style](https://govolution.wordpress.com/2015/04/18/dumping-shellcode-64bit-style/)\n- 2015.04 [tophertimzen] [Shellcode in .NET - How the PEB Changes](https://www.tophertimzen.com/blog/shellcodeDotNetPEB/)\n- 2015.03 [osandamalith] [Running Shellcode in your Raspberry Pi](https://osandamalith.com/2015/03/05/running-shellcode-in-your-rasbperry-pi/)\n- 2014.12 [sans] [Examining Shellcode in a Debugger through Control of the Instruction Pointer](https://digital-forensics.sans.org/blog/2014/12/30/taking-control-of-the-instruction-pointer)\n- 2014.12 [zerosum0x0] [x64 Egg-Hunter Shellcode Stager](https://zerosum0x0.blogspot.com/2014/12/x64-egg-hunter-shellcode.html)\n- 2014.12 [zerosum0x0] [x64 Linux Polymorphic execve() shellcode](https://zerosum0x0.blogspot.com/2014/12/there-are-many-versions-of-execve.html)\n- 2014.12 [zerosum0x0] [x64 Shellcode One-Time Pad Crypter](https://zerosum0x0.blogspot.com/2014/12/x64-one-time-pad-shellcode-crypter.html)\n- 2014.12 [zerosum0x0] [x64 Linux Polymorphic forkbomb shellcode](https://zerosum0x0.blogspot.com/2014/12/on-shell-storm-there-is-simple-7-byte.html)\n- 2014.12 [zerosum0x0] [x64 Linux Polymorphic read file shellcode](https://zerosum0x0.blogspot.com/2014/12/x64-linux-polymorphic-read-file.html)\n- 2014.12 [zerosum0x0] [x64 Linux reverse TCP connect shellcode (75 to 83 bytes, 88 to 96 with password)](https://zerosum0x0.blogspot.com/2014/12/x64-linux-reverse-tcp-connect-shellcode.html)\n- 2014.12 [zerosum0x0] [x64 Linux bind TCP port shellcode (80 bytes, 95 with password)](https://zerosum0x0.blogspot.com/2014/12/x64-linux-bind-shellcode-81-bytes-96.html)\n- 2014.12 [nebelwelt] [Ghost in the Shellcode Teaser 2015: Lost To Time](http://nebelwelt.net/blog/20141213-GitS-LostToTime.html)\n- 2014.12 [tophertimzen] [Windows x64 
shellcode编写指南](https://www.tophertimzen.com/blog/windowsx64Shellcode/)\n- 2014.11 [pediy] [[原创]史上最小无需重定位的\"格盘\"ShellCode](https://bbs.pediy.com/thread-194664.htm)\n- 2014.11 [sans] [Guest Diary: Didier Stevens - Shellcode Detection with XORSearch](https://isc.sans.edu/forums/diary/Guest+Diary+Didier+Stevens+Shellcode+Detection+with+XORSearch/18929/)\n- 2014.10 [MarcusNiemietz] [Svetlana Gaivoronski - Shellcode detection techniques](https://www.youtube.com/watch?v=bbzH-y93hq0)\n- 2014.09 [pediy] [[原创]根据一个通用的shellcode 还原的一段汇编代码](https://bbs.pediy.com/thread-192293.htm)\n- 2014.07 [govolution] [Shellcode Binder for Windows 64 Bit](https://govolution.wordpress.com/2014/07/26/shellcode-binder-for-windows-64-bit/)\n- 2014.07 [osandamalith] [shutdown -h now Shellcode](https://osandamalith.com/2014/07/03/shutdown-h-now-shellcode/)\n- 2014.06 [osandamalith] [Chmod 0777 Polymorphic Shellcode](https://osandamalith.com/2014/06/24/chmod-0777-polymorphic-shellcode/)\n- 2014.05 [parsiya] [Pasting Shellcode in GDB using Python](https://parsiya.net/blog/2014-05-25-pasting-shellcode-in-gdb-using-python/)\n- 2014.04 [skullsecurity] [Ghost in the Shellcode: fuzzy (Pwnage 301)](https://blog.skullsecurity.org/2014/ghost-in-the-shellcode-fuzzy-pwnage-301)\n- 2014.03 [] [Two shellcodes and a bit of code](http://0x90909090.blogspot.com/2014/03/two-shellcodes-and-bit-of-code.html)\n- 2014.03 [zairon] [Obfuscated shellcode inside a malicious RTF document](https://zairon.wordpress.com/2014/03/06/obfuscated-shellcode-inside-a-malicious-rtf-document/)\n- 2014.02 [freebuf] [用C语言进一步优化Windows Shellcode](http://www.freebuf.com/articles/system/27122.html)\n- 2014.02 [rapid7] [Shellcode Golf: Every Byte is Sacred](https://blog.rapid7.com/2014/02/14/shellcode-golf/)\n- 2014.02 [govolution] [Shellcode for deleting a file](https://govolution.wordpress.com/2014/02/11/shellcode-for-deleting-a-file/)\n- 2014.01 [govolution] [SLAE: Shellcode read and send 
file](https://govolution.wordpress.com/2014/01/28/slae-shellcode-read-and-send-file/)\n- 2014.01 [skullsecurity] [Ghost in the Shellcode: gitsmsg (Pwnage 299)](https://blog.skullsecurity.org/2014/ghost-in-the-shellcode-gitsmsg-pwnage-299)\n- 2014.01 [govolution] [SLAE Assignment 6: Polymorphic Shellcode](https://govolution.wordpress.com/2014/01/26/slae-assignment-6-polymorphic-shellcode/)\n- 2014.01 [skullsecurity] [Ghost in the Shellcode: TI-1337 (Pwnable 100)](https://blog.skullsecurity.org/2014/ghost-in-the-shellcode-ti-1337-pwnable-100)\n- 2014.01 [pediy] [[原创]揭示《shellcoder's handbook》中一个函数的运行机制](https://bbs.pediy.com/thread-183257.htm)\n- 2013.12 [pediy] [[原创]shellcode 版的 hello world](https://bbs.pediy.com/thread-182964.htm)\n- 2013.12 [anti] [A Shellter for your shellcode…](http://www.anti-reversing.com/1257/)\n- 2013.12 [pediy] [[原创]旧书重温：0day2[5]shellcode变形记](https://bbs.pediy.com/thread-182551.htm)\n- 2013.11 [infosec42] [[Shellcode] MIPS Little Endian Reverse Shell Shellcode (Linux)](http://infosec42.blogspot.com/2013/11/shellcode-mips-little-endian-reverse.html)\n- 2013.08 [v0ids3curity] [Stdin reopen \u0026 execve /bin/sh shellcode for Linux/x86_64](https://www.voidsecurity.in/2013/08/stdin-reopen-execve-binsh-shellcode-for.html)\n- 2013.07 [infosec42] [[Shellcode]  MIPS Little Endian system() Shellcode](http://infosec42.blogspot.com/2013/07/shellcode-mips-little-endian-system.html)\n- 2013.06 [pediy] [[原创]分享用C语言写ShellCode的技术应用--拦截系统记事本工具的保存菜单](https://bbs.pediy.com/thread-173634.htm)\n- 2013.06 [pediy] [[原创]分享用C语言写ShellCode的实现源码](https://bbs.pediy.com/thread-173358.htm)\n- 2013.06 [jumpespjump] [One-liner to only get the shellcode from objdump](https://jumpespjump.blogspot.com/2013/06/only-getting-shellcode-from-objdump.html)\n- 2013.04 [pediy] [[原创]新人ShellCode小总结,附带一个讨论问题](https://bbs.pediy.com/thread-170748.htm)\n- 2013.03 [techorganic] [Binary to shellcode](https://blog.techorganic.com/2013/03/02/binary-to-shellcode/)\n- 2013.02 [v0ids3curity] [Ghost 
In The Shellcode 2013 CTF - Pwnable 100 - Question 8 Shiftd [Team xbios]](https://www.voidsecurity.in/2013/02/ghost-in-shellcode-2013-ctf-pwnable-100.html)\n- 2013.01 [pediy] [[原创]MAsM ShellCode 宏框架使用手册 CHM](https://bbs.pediy.com/thread-160884.htm)\n- 2012.11 [offensive] [Fun with AIX Shellcode and Metasploit](https://www.offensive-security.com/vulndev/aix-shellcode-metasploit/)\n- 2012.11 [cawanblog] [Design and Implementation of Token Stealing Kernel Shellcode for Windows 8](http://cawanblog.blogspot.com/2012/11/design-and-implementation-of-token.html)\n- 2012.11 [cawanblog] [How To Build A Kernel Shellcode Design and Testing Platform For Windows 8 By Using Windbg](http://cawanblog.blogspot.com/2012/11/how-to-build-kernel-shellcode-design_5.html)\n- 2012.10 [pediy] [[原创]ShellCodeToAscii](https://bbs.pediy.com/thread-156913.htm)\n- 2012.08 [pediy] [[原创] Shellcode In X64-3 Test Your Shellcode](https://bbs.pediy.com/thread-155371.htm)\n- 2012.08 [pediy] [[原创]Shellcode In X64-2Search Function using hash](https://bbs.pediy.com/thread-155341.htm)\n- 2012.08 [pediy] [[原创]Shellcode In X64-1Find Kernel32.dll](https://bbs.pediy.com/thread-155336.htm)\n- 2012.08 [rsa] [Network detection of x86 buffer overflow shellcode](https://community.rsa.com/community/products/netwitness/blog/2012/08/22/network-detection-of-x86-buffer-overflow-shellcode)\n- 2012.07 [magictong] [ShellCode的调试方法和常见问题的解决方法](https://blog.csdn.net/magictong/article/details/7768026)\n- 2012.05 [pediy] [[原创] 也学构造字母shellcode](https://bbs.pediy.com/thread-151251.htm)\n- 2012.05 [joxeankoret] [Embedding a shellcode in a PE file](http://joxeankoret.com/blog/2012/05/06/embedding-a-shellcode-in-a-pe-file/)\n- 2012.03 [] [文件类漏洞ShellCode的查找](http://www.91ri.org/2937.html)\n- 2012.03 [sans] [Phishing with obfuscated javascript, shellcode and malware](https://isc.sans.edu/forums/diary/Phishing+with+obfuscated+javascript+shellcode+and+malware/12700/)\n- 2012.01 [] [Linux/x86 Polymorphic ShellCode – setuid(0)+setgid(0)+add 
user ‘iph’ without password to /etc/passwd](http://www.91ri.org/2714.html)\n- 2011.11 [pediy] [[Original] My First Experience Converting VC Code to Shellcode](https://bbs.pediy.com/thread-142657.htm)\n- 2011.10 [dist67] [White Hat Shellcode Workshop: Enforcing Permanent DEP](https://www.youtube.com/watch?v=UUQz5JsWirI)\n- 2011.08 [pediy] [[Original] A Shellcode Extraction Plugin for OllyDbg](https://bbs.pediy.com/thread-138963.htm)\n- 2011.06 [pediy] [[Help] Puzzling Floating-Point Instructions Encountered in Shellcode](https://bbs.pediy.com/thread-135162.htm)\n- 2011.04 [pediy] [[Original] Debugging the Shellcode Used by Dadong's JSXX 0.39 VIP](https://bbs.pediy.com/thread-132109.htm)\n- 2011.03 [purehacking] [The Shellcode Lab - Black Hat Training Course](https://www.purehacking.com/blog/ty-miller/the-shellcode-lab-black-hat-training-course)\n- 2011.01 [travisgoodspeed] [Generic CC1110 Sniffing, Shellcode, and iClickers](http://travisgoodspeed.blogspot.com/2011/01/generic-cc1110-sniffing-shellcode-and.html)\n- 2010.12 [pediy] [[Original] A Shellcode Framework, Just for Fun](https://bbs.pediy.com/thread-125853.htm)\n- 2010.11 [e] [Hiding Shellcode in Plain Sight](http://e-omidfar.blogspot.com/2010/11/hiding-shellcode-in-plain-sight.html)\n- 2010.09 [pediy] [[Original] Searching High and Low: Locating ShellCode in File-Format Vulnerabilities](https://bbs.pediy.com/thread-121045.htm)\n- 2010.05 [pediy] [[Original] Alphabetic-Only Shellcode Demystified](https://bbs.pediy.com/thread-113177.htm)\n- 2010.04 [pediy] [[Original] Research on Combined Viruses Based on Shellcode Infection Methods](https://bbs.pediy.com/thread-110429.htm)\n- 2010.03 [skullsecurity] [Weaponizing dnscat with shellcode and Metasploit](https://blog.skullsecurity.org/2010/weaponizing-dnscat-with-shellcode-and-metasploit)\n- 2009.06 [heelan] [Morphing shellcode using CFGs and SAT](https://sean.heelan.io/2009/06/02/model-checking-smt-solving-and-morphing-shellcode/)\n- 2009.05 [heelan] [Not all shellcode locations are made equal](https://sean.heelan.io/2009/05/13/not-all-shellcode-locations-are-made-equal/)\n- 2009.03 [pediy] [[Share] Posting a MessageBox Shellcode](https://bbs.pediy.com/thread-83968.htm)\n- 2009.01 [pediy] [[Original] Rewriting a Predecessor's Shellcode (Delphi Version)](https://bbs.pediy.com/thread-80819.htm)\n- 
2008.12 [edge] [Shellcode2Exe](http://edge-security.blogspot.com/2008/12/shellcode2exe.html)\n- 2008.11 [pediy] [[Original] Building the Simplest Shellcode in Assembly](https://bbs.pediy.com/thread-76204.htm)\n- 2008.09 [pediy] [[Original] ShellCode Locator for IDA 5.2](https://bbs.pediy.com/thread-72947.htm)\n- 2008.07 [pediy] [[Translation] SHELLCODE Design Demystified](https://bbs.pediy.com/thread-69385.htm)\n- 2008.07 [pediy] [[Original] A 32-Byte Process-Exit Shellcode](https://bbs.pediy.com/thread-68560.htm)\n- 2008.07 [pediy] [[Original] Disassembly of Shellcode from a Word Vulnerability Exploit](https://bbs.pediy.com/thread-68102.htm)\n- 2008.06 [pediy] [[Submission] ShellCode Helper Tool](https://bbs.pediy.com/thread-66656.htm)\n- 2008.05 [pediy] [[Original] Writing Shellcode Quickly and Efficiently](https://bbs.pediy.com/thread-65309.htm)\n- 2008.02 [pediy] [[Original] A Little Pondering on Shellcode](https://bbs.pediy.com/thread-60338.htm)\n- 2007.08 [pediy] [[Original] Solving Stage 2 Problem 1 Without Knowing Anything About Shellcode](https://bbs.pediy.com/thread-50721.htm)\n- 2007.03 [pediy] [《The Shellcoder's handbook》Chapter 19_Binary Auditing: Hacking Closed-Source Software](https://bbs.pediy.com/thread-40537.htm)\n- 2007.02 [pediy] [《The Shellcoder's handbook》Chapter 18_Tracing for Vulnerabilities](https://bbs.pediy.com/thread-40164.htm)\n- 2007.02 [pediy] [[Note] Errata in 《The Shellcoder's Handbook》](https://bbs.pediy.com/thread-39968.htm)\n- 2007.02 [pediy] [《The Shellcoder's handbook》Chapter 17_Instrumented Investigation: A Manual Approach](https://bbs.pediy.com/thread-39775.htm)\n- 2007.02 [pediy] [《The Shellcoder's handbook》Chapter 16_Source Code Auditing: Finding Vulnerabilities in C-Based Languages](https://bbs.pediy.com/thread-39586.htm)\n- 2007.02 [pediy] [《The Shellcoder's handbook》Chapter 15_Fuzzing Techniques](https://bbs.pediy.com/thread-39220.htm)\n- 2007.01 [pediy] [《The Shellcoder's handbook》Chapter 13_Establishing a Working Environment](https://bbs.pediy.com/thread-38324.htm)\n- 2007.01 [pediy] [《The Shellcoder's handbook》Chapter 12_Exploiting HP Tru64 Unix](https://bbs.pediy.com/thread-37937.htm)\n- 2007.01 [pediy] [《The Shellcoder's handbook》Chapter 11_Advanced Solaris Exploitation](https://bbs.pediy.com/thread-37575.htm)\n- 2007.01 [pediy] [《The Shellcoder's handbook》Chapter 10_Introduction to Solaris Exploitation](https://bbs.pediy.com/thread-37269.htm)\n- 2006.12 [pediy] [《The Shellcoder's 
handbook》Chapter 9_Overcoming Filters](https://bbs.pediy.com/thread-36885.htm)\n- 2006.12 [pediy] [《The Shellcoder's handbook》Chapter 8_Windows Overflows](https://bbs.pediy.com/thread-36535.htm)\n- 2006.12 [pediy] [Take a Look at the WINRAR Overflow Vulnerability: Write a SHELLCODE and You Can Bundle Programs [Note]](https://bbs.pediy.com/thread-36248.htm)\n- 2006.12 [pediy] [《The Shellcoder's handbook》Chapter 7_Windows Shellcode](https://bbs.pediy.com/thread-36216.htm)\n- 2006.12 [pediy] [《The Shellcoder's handbook》Translation Roundup and Errata](https://bbs.pediy.com/thread-35849.htm)\n- 2006.12 [pediy] [《The Shellcoder's handbook》Chapter 6_The Wild World of Windows](https://bbs.pediy.com/thread-35847.htm)\n- 2006.11 [em386] [Sysenter shellcode](http://em386.blogspot.com/2006/11/sysenter-shellcode.html)\n- 2006.11 [pediy] [《The Shellcoder's handbook》Chapter 5_Heap Overflows](https://bbs.pediy.com/thread-35165.htm)\n- 2006.11 [pediy] [《The Shellcoder's handbook》Chapter 4_Format String Vulnerabilities](https://bbs.pediy.com/thread-34820.htm)\n- 2006.11 [pediy] [《The Shellcoder's handbook》Chapter 3_Shellcode](https://bbs.pediy.com/thread-34433.htm)\n- 2006.10 [pediy] [《The Shellcoder's handbook》Chapter 2_Stack Overflows](https://bbs.pediy.com/thread-33986.htm)\n- 2006.10 [pediy] [《The Shellcoder's handbook》Chapter 1_Before You Begin](https://bbs.pediy.com/thread-33670.htm)\n- 2006.10 [pediy] [[Original] A Brief Discussion of shellcoder](https://bbs.pediy.com/thread-33205.htm)\n- 2006.04 [pediy] [[Original] Common ShellCode Hash Algorithms - Delphi Inline BASM](https://bbs.pediy.com/thread-23563.htm)\n- 2005.01 [pediy] [shellcode and an Example I Wrote](https://bbs.pediy.com/thread-19294.htm)\n\n\n\n\n# Contribution\nContent is exported automatically by the system; if you have any problems, please open an issue","funding_links":[],"categories":["Others (1002)","Others"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FalphaSeclab%2Fshellcode-resources","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FalphaSeclab%2Fshellcode-resources","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FalphaSeclab%2Fshellcode-resources/lists"}