https://github.com/alphaSeclab/shellcode-resources

Resources About Shellcode

shellcode shellcode-analysis shellcode-convert shellcode-decode shellcode-development shellcode-encode shellcode-execute shellcode-injection shellcode-loader

# [All collection projects](https://github.com/alphaSeclab/all-my-collection-repos)

# Shellcode

- Shellcode-related resources: 150+ tools, 500+ articles
- [English Version](https://github.com/alphaSeclab/shellcode-resources/blob/master/Readme_en.md)

# Table of Contents
- [Development && Writing](#046354d96bbc65ade966dc83ff7fe8ef)
- [shellen](#5489b8896792ff75d1e0971597d5829b) -> [(1) Tools](#7a69f4fc97964348552acb7c8472f1ab) [(2) Articles](#e5dc2d01e8279adf30d34066b8c61aaf)
- [Exploit Development](#4f71b3d96ccbb4433cd9582bf6b3b49c) -> [(1) Tools](#1578f4dee1f7b9340b7923d72e67ca75) [(13) Articles](#76612bdb96657fd5e6c663f76b738619)
- [Encoding && Decoding](#4137b4aa2b9562fbad4010b40c93c0b8) -> [(9) Tools](#3ab819169565fb2ac49e4a7285b217fd) [(14) Articles](#1d15b6ffe1202baecee2e63ceb01261c)
- [(9) Tools](#2aad113ca8fd8b2ce5278b3c73afb637)
- [(56) Articles](#ba82bf5ca275733d09434861aa4becf5)
- [Launching && Loading && Injection && Execution](#b79d65effe22d7dfa216cdfaaede7abd)
- [Injection](#c8f7f9913bbf6ca9ad62b2924a81c5a1) -> [(13) Tools](#270623a2c94dd2e4a342f46262ee8ae1) [(34) Articles](#f67fc5d20ddff852419d63d094cb17ba)
- [Execution](#4ad7253b703db90d80efccc99da781e5) -> [(1) Tools](#b84580eec0d446e20ed9c774946f9325) [(23) Articles](#9cdbcec9e7e4bf040fe9802dc4e1225b)
- [(22) Tools](#2c78519e8cf84e3863d4c2374ead132f)
- [(6) Articles](#4f9e0536cd4c8b6d7e3597c5c9315df5)
- [Generation](#c86cc38af95f4ccbc3d082b3883af702) -> [(16) Tools](#20753578295f405b2fee3ae5659ee214) [(24) Articles](#102a321d8be34fab263fe0559145b36c)
- [Conversion](#4d515d3e53e9e4ae1f09bd9f4afc5b5a) -> [(11) Tools](#eb5e32922251dc76e85ed094adbcacd9) [(3) Articles](#1d87c2031d25482e324e0b3158e46806)
- [Analysis](#9a0361c824e96f82eaec8829d14cf080)
- [Vulnerabilities](#115b4bfacc38bd2fc9b7fa303b5c58ab) ->
- [(5) Tools](#b636936039c6751d5e736ca2e52c8e1a)
- [(53) Articles](#ae3243cf65f334dd979b7709d6d745d3)
- [BypassXxx](#2783a12f735d75d4d9dd34aade4e27fd)
- [AV](#68671811bf65fa44f770f9b7bf35edba) -> [(5) Tools](#501a34037beb98f8db25e453dc8c6178) [(9) Articles](#e4f187de8742002a534b4140989904a4)
- [(5) Tools](#8c1f3c12de652e3cb2e2d92d28d762d8)
- [(12) Articles](#fa01326b5bfe12e5417c0f4d30146245)
- [ARM](#82f62a71fbfb0aec18860663d4de5ec2) -> [(2) Tools](#9ebdbbcde063e2fd71a1f9fef001315a) [(9) Articles](#c7014efbebcc4831883c878a9c4b1736)
- [Other](#bfaa9390189b5c4ab46ca5631adf3453)
- [Tools](#16001cb2fae35b722deaa3b9a8e5f4d5)
- [(1) Collections](#714ed53324dd30fc14a3ca7c02b9fc1c)
- [(64) Newly Added](#98d70f3829393b5da364689bc902bab0)
- [(6) Other](#d342759bd2543421de29133d9b376df8)
- [Articles](#7d2b1d324dbfb20c3c6da343e9443a5c)
- [(262) Newly Added](#596105c2fa0590982160279ebd1b1eac)

# Development && Writing

***

## shellen

### Tools

- [**706** stars][1y] [Py] [merrychap/shellen](https://github.com/merrychap/shellen) Interactive shellcode development environment

### Articles

- 2018.03 [freebuf] [Shellen: An Interactive Shellcode Development Environment](http://www.freebuf.com/sectool/164387.html)
- 2018.02 [pediy] [[Translation] Shellen: An Interactive Shellcode Development Environment](https://bbs.pediy.com/thread-224810.htm)

***

## Exploit Development

### Tools

- [**8** stars][4y] [Py] [sectool/python-shellcode-buffer-overflow](https://github.com/sectool/Python-Shellcode-Buffer-Overflow) Shellcode / Buffer Overflow

### Articles

- 2018.04 [pediy] [[Translation] Windows Exploit Development - Part 4: Locating Shellcode With Jumps](https://bbs.pediy.com/thread-225847.htm)
- 2017.09 [shogunlab] [Zero Day Zen Garden: Windows Exploit Development - Part 3 [Egghunter to Locate Shellcode]](https://www.shogunlab.com/blog/2017/09/02/zdzg-windows-exploit-3.html)
- 2017.08 [shogunlab] [Zero Day Zen Garden: Windows Exploit Development - Part 2 [JMP to Locate Shellcode]](https://www.shogunlab.com/blog/2017/08/26/zdzg-windows-exploit-2.html)
- 2017.05 [abatchy] [Exploit Dev 101: Jumping to Shellcode](http://www.abatchy.com/2017/05/jumping-to-shellcode.html)
- 2016.06 [digitaloperatives] [Exploiting Weak Shellcode Hashes to Thwart Module Discovery; or, Go Home, Malware, You’re Drunk!](https://www.digitaloperatives.com/2016/06/23/exploiting-weak-shellcode-hashes/)
- 2016.01 [pediy] [[Translation] Windows Exploit Development Tutorial Series Part 6: Writing WIN32 Shellcode](https://bbs.pediy.com/thread-207096.htm)
- 2016.01 [pediy] [[Translation] Exploit Development Tutorial, Chapter 6: Shellcode](https://bbs.pediy.com/thread-206946.htm)
- 2015.08 [ly0n] [Avoiding badchars & small buffers with custom shellcode – OdinSecureFTPclient SEH exploit](http://ly0n.me/2015/08/10/avoiding-badchars-small-buffers-with-custom-shellcode-odinsecureftpclient-seh-exploit/)
- 2015.08 [ly0n] [Avoiding badchars & small buffers with custom shellcode – OdinSecureFTPclient SEH exploit](https://paumunoz.tech/2015/08/10/avoiding-badchars-small-buffers-with-custom-shellcode-odinsecureftpclient-seh-exploit/)
- 2014.03 [beefproject] [Exploiting with BeEF Bind shellcode](http://blog.beefproject.com/2014/03/exploiting-with-beef-bind-shellcode_19.html)
- 2014.01 [securitysift] [Windows Exploit Development – Part 5: Locating Shellcode With Egghunting](https://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting/)
- 2013.12 [securitysift] [Windows Exploit Development – Part 4: Locating Shellcode With Jumps](https://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/)
- 2008.01 [pediy] [[Original] Constructing Shellcode for exploit_me_A and Breaking Through](https://bbs.pediy.com/thread-57561.htm)

***

## Encoding && Decoding

### Tools

- [**89** stars][4y] [Py] [mothran/unicorn-decoder](https://github.com/mothran/unicorn-decoder) Simple shellcode decoder using unicorn-engine
- [**51** stars][1y] [Py] [ecx86/shellcode_encoder](https://github.com/ecx86/shellcode_encoder) x64 printable shellcode encoder
- [**45** stars][4y] [Py] [eteissonniere/elidecode](https://github.com/ETeissonniere/EliDecode) The tool to decode obfuscated shellcodes using the unicorn and capstone engine
- [**29** stars][2y] [Py] [ihack4falafel/slink](https://github.com/ihack4falafel/slink) Alphanumeric Shellcode (x86) Encoder
- [**27** stars][7m] [Py] [blacknbunny/encdecshellcode](https://github.com/blacknbunny/encdecshellcode) Shellcode Encrypter & Decrypter With XOR Cipher
- [**13** stars][1y] [Py] [veritas501/ae64](https://github.com/veritas501/ae64) basic amd64 alphanumeric shellcode encoder
- [**12** stars][2m] [Perl 6] [anon6372098/faz-shc](https://github.com/anon6372098/faz-shc) Faz-SHC is a program that can be encrypted the text you give to a Shellcode. Simple and coded with Perl. Coded by M.Fazri Nizar.
- [**2** stars][1y] [Makefile] [sh3llc0d3r1337/slae32-custom-encoder](https://github.com/sh3llc0d3r1337/slae32-custom-encoder) SLAE32 Assignment #4 - Custom Shellcode
- [**0** stars][10m] [pcsxcetra/equationeditorshellcodedecoder](https://github.com/pcsxcetra/equationeditorshellcodedecoder) Tool to decode the encoded Shellcode of this type found in office documents

### Articles

- 2019.11 [rapid7] [Metasploit Shellcode Grows Up: Encrypted and Authenticated C Shells](https://blog.rapid7.com/2019/11/21/metasploit-shellcode-grows-up-encrypted-and-authenticated-c-shells/)
- 2019.11 [aliyun] [Shellcode Encoding Techniques](https://xz.aliyun.com/t/6665)
- 2019.05 [pcsxcetrasupport3] [A deeper look at Equation Editor CVE-2017-11882 with encoded Shellcode](https://pcsxcetrasupport3.wordpress.com/2019/05/22/a-deeper-look-at-equation-editor-cve-2017-11882-with-encoded-shellcode/)
- 2019.03 [cybersecpolitics] [The Lost Art of Shellcode Encoder/Decoders](https://cybersecpolitics.blogspot.com/2019/03/the-lost-art-of-shellcode.html)
- 2018.07 [doyler] [Writing a Shellcode XOR Encoder/Decoder to Evade AV Detection](https://www.doyler.net/security-not-included/shellcode-xor-encoder-decoder)
- 2017.08 [360] [SLAE: How to Develop a Custom RBIX Shellcode Encoder/Decoder](https://www.anquanke.com/post/id/86693/)
- 2015.07 [bigendiansmalls] [Building shellcode, egghunters and decoders.](https://www.bigendiansmalls.com/creating-shellcode-to-run-in-uss/)
- 2015.03 [freebuf] [Huffy: Huffman-Encoded Shellcode](http://www.freebuf.com/articles/system/59781.html)
- 2015.02 [skullsecurity] [GitS 2015: Huffy (huffman-encoded shellcode)](https://blog.skullsecurity.org/2015/gits-2015-huffy-huffman-encoded-shellcode)
- 2014.12 [zerosum0x0] [x64 Shellcode Byte-Rotate Encoder](https://zerosum0x0.blogspot.com/2014/12/x64-shellcode-byte-rotate-encoder.html)
- 2014.04 [volatility] [Building a Decoder for the CVE-2014-0502 Shellcode](https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html)
- 2012.08 [debasish] [Experiment With Run Time Encryption/Decryption of Win32 ShellCodes](http://www.debasish.in/2012/08/experiment-with-run-time.html)
- 2012.05 [pediy] [[Original] Shellcode XOR Encoding/Decoding](https://bbs.pediy.com/thread-151108.htm)
- 2008.08 [pediy] [[Original] An ASCII Encoding Method for Shellcode](https://bbs.pediy.com/thread-70964.htm)

***

## Tools

- [**513** stars][3y] [Py] [reyammer/shellnoob](https://github.com/reyammer/shellnoob) Shellcode writing toolkit
- [**189** stars][1y] [Py] [thesecondsun/shellab](https://github.com/thesecondsun/shellab) Shellcode development/enrichment tool, supports Windows/Linux
- [**184** stars][8m] [C++] [jackullrich/shellcodestdio](https://github.com/jackullrich/shellcodestdio) Helps write position-independent shellcode for Windows, supports x86/x64
- [**115** stars][4y] [C++] [lcatro/vuln_javascript](https://github.com/lcatro/vuln_javascript) Simulates a vulnerable JavaScript runtime environment for learning how browser vulnerabilities work and practicing shellcode writing
- [**95** stars][2y] [Py] [invictus1306/workshop-bsidesmunich2018](https://github.com/invictus1306/workshop-bsidesmunich2018) ARM shellcode and exploit development - BSidesMunich 2018
- [**75** stars][6m] [C++] [shellvm/shellvm](https://github.com/shellvm/shellvm) A collection of LLVM transform and analysis passes to write shellcode in regular C
- [**15** stars][4y] [Assembly] [novicelive/shellcoding](https://github.com/novicelive/shellcoding) Introduce you to shellcode development.
- [**6** stars][3y] [Java] [jlxip/shellcode-ide](https://github.com/jlxip/shellcode-ide) An IDE for creating shellcodes.
- [**3** stars][2y] [C] [wanttobeno/study_shellcode](https://github.com/wanttobeno/study_shellcode) Writing functional shellcode on the Windows platform

***

## Articles

- 2020.01 [aliyun] [A Summary of the Shellcode Writing Process](https://xz.aliyun.com/t/7072)
- 2019.06 [nytrosecurity] [Writing shellcodes for Windows x64](https://nytrosecurity.com/2019/06/30/writing-shellcodes-for-windows-x64/)
- 2019.04 [4hou] [Windows x86 Shellcode Development: Finding the Kernel32.dll Address](https://www.4hou.com/system/17180.html)
- 2019.02 [X0x0FFB347] [Writing a Custom Shellcode Encoder](https://medium.com/p/31816e767611)
- 2019.02 [aliyun] [Writing Shellcode for ARM](https://xz.aliyun.com/t/4098)
- 2019.01 [fuzzysecurity] [Writing shellcode to binary files](http://fuzzysecurity.com/tutorials/7.html)
- 2019.01 [fuzzysecurity] [Part 6: Writing W32 shellcode](http://fuzzysecurity.com/tutorials/expDev/6.html)
- 2019.01 [freebuf] [Stocking Up on Solid Material for the New Year? Efficient Shellcode Programming Techniques on Windows in Practice | Featured Open Course](https://www.freebuf.com/fevents/194308.html)
- 2019.01 [ly0n] [[BOOK] Shellcode writting in Windows environments](http://ly0n.me/2019/01/03/shellcode-writting-in-windows-environments/)
- 2019.01 [ly0n] [[BOOK] Shellcode writting in Windows environments](https://paumunoz.tech/2019/01/03/shellcode-writting-in-windows-environments/)
- 2018.11 [4hou] [A Beginner's Guide to Writing x86 Shellcode on FreeBSD](http://www.4hou.com/binary/14375.html)
- 2018.08 [pediy] [[Original] Problems Testing the Generic Shellcode from Chapter 3, Section 4 of "0day Security... (2nd Edition)" on Win10](https://bbs.pediy.com/thread-246532.htm)
- 2018.08 [360] [The Ultimate Secret of Reproducing Router Vulnerabilities: Writing MIPS-Based Shellcode](https://www.anquanke.com/post/id/153725/)
- 2018.07 [pediy] [[Translation] Binary Exploitation (1): Writing ARM Shellcode & Understanding System Functions](https://bbs.pediy.com/thread-230148.htm)
- 2018.03 [aliyun] [A Detailed Guide to Writing Shellcode on Windows](https://xz.aliyun.com/t/2108)
- 2018.02 [freebuf] [Sickle: A Recommended High-Quality Shellcode Development Tool](http://www.freebuf.com/sectool/162332.html)
- 2018.02 [aliyun] [Writing Shellcode on Linux](https://xz.aliyun.com/t/2052)
- 2017.09 [secist] [My Shellcode Writing Journey | MSF | Shellcode | kali linux 2017](http://www.secist.com/archives/4809.html)
- 2017.06 [360] [Shellcode Programming: Locating GetProcAddress via Signature Search](https://www.anquanke.com/post/id/86334/)
- 2017.06 [skullsecurity] [Solving the CTF "b-64-b-tuff": Hand-Writing a base64 Decoder and Alphanumeric Shellcode](https://blog.skullsecurity.org/2017/solving-b-64-b-tuff-writing-base64-and-alphanumeric-shellcode)
- 2017.05 [360] [A Guide to Writing Windows x64 Shellcode](https://www.anquanke.com/post/id/86175/)
- 2017.05 [freebuf] [How to Write High-Quality Windows Shellcode](http://www.freebuf.com/articles/system/133990.html)
- 2017.05 [pediy] [[Translation] A Guide to Writing Optimized Shellcode on the Windows Platform](https://bbs.pediy.com/thread-217513.htm)
- 2017.03 [4hou] [HEVD Kernel Attacks: Writing Shellcode (Part 3)](http://www.4hou.com/technology/3942.html)
- 2017.01 [360] [Shellcode Programming: Resolving API Addresses in Memory](https://www.anquanke.com/post/id/85386/)
- 2016.06 [paraschetal] [Writing your own shellcode.](https://paraschetal.in/writing-your-own-shellcode)
- 2016.02 [freebuf] [Introduction to Windows Shellcode Development (Part 3)](http://www.freebuf.com/articles/system/97215.html)
- 2016.02 [securitycafe] [Introduction to Windows shellcode development – Part 3](https://securitycafe.ro/2016/02/15/introduction-to-windows-shellcode-development-part-3/)
- 2016.01 [freebuf] [Introduction to Windows Shellcode Development (Part 2)](http://www.freebuf.com/articles/system/94774.html)
- 2016.01 [freebuf] [Introduction to Windows Shellcode Development (Part 1)](http://www.freebuf.com/articles/system/93983.html)
- 2016.01 [securitygossip] [When Every Byte Counts – Writing Minimal Length Shellcodes](http://securitygossip.com/blog/2016/01/07/2016-01-07/)
- 2016.01 [sjtu] [When Every Byte Counts – Writing Minimal Length Shellcodes](https://loccs.sjtu.edu.cn/gossip/blog/2016/01/07/2016-01-07/)
- 2015.12 [securitycafe] [Introduction to Windows shellcode development – Part 2](https://securitycafe.ro/2015/12/14/introduction-to-windows-shellcode-development-part-2/)
- 2015.10 [securitycafe] [Introduction to Windows shellcode development – Part 1](https://securitycafe.ro/2015/10/30/introduction-to-windows-shellcode-development-part1/)
- 2015.02 [freebuf] [Advanced Shellcode Programming Techniques on the Windows Platform](http://www.freebuf.com/articles/system/58920.html)
- 2015.02 [pediy] [[Original] Advanced Shellcode Programming Techniques on the Windows Platform](https://bbs.pediy.com/thread-197835.htm)
- 2015.02 [topsec] [Advanced Shellcode Programming Techniques on the Windows Platform](http://blog.topsec.com.cn/ad_lab/windows%e5%b9%b3%e5%8f%b0%e4%b8%8b%e5%8a%9f%e8%83%bd%e6%80%a7shellcode%e7%9a%84%e7%bc%96%e5%86%99/)
- 2014.08 [pediy] [[Original] A MASM Macro Framework: Writing Complex Shellcode Simply](https://bbs.pediy.com/thread-191650.htm)
- 2014.07 [] [Writing Shellcode in C](http://www.91ri.org/9057.html)
- 2013.12 [pediy] [[Original] Writing Binary Shellcode](https://bbs.pediy.com/thread-182356.htm)
- 2013.06 [pediy] [[Original] PE Infection & Additional Notes on Shellcode Writing Techniques](https://bbs.pediy.com/thread-172961.htm)
- 2013.05 [toolswatch] [ShellNoob v1.0 – Shellcode Writing Toolkit](http://www.toolswatch.org/2013/05/shellnoob-v1-0-shellcode-writing-toolkit/)
- 2013.04 [reyammer] [ShellNoob 1.0 - a shellcode writing toolkit](http://reyammer.blogspot.com/2013/04/shellnoob-10-shellcode-writing-toolkit.html)
- 2012.09 [pediy] [[Original] Writing Shellcode for Android](https://bbs.pediy.com/thread-155774.htm)
- 2012.06 [] [Writing Shellcode and Its Key Points](http://www.91ri.org/3335.html)
- 2011.06 [pediy] [[Original] Writing a Shellcode Framework in MASM [Merged Thread]](https://bbs.pediy.com/thread-135062.htm)
- 2010.10 [pediy] [[Original] Locating the kernel32.dll Base Address on Win 7 and Writing Shellcode](https://bbs.pediy.com/thread-122260.htm)
- 2010.09 [pediy] [[Translation] Exploit Writing Tutorial Series Part 9: Introduction to Win32 Shellcode Writing](https://bbs.pediy.com/thread-120649.htm)
- 2010.05 [elearnsecurity] [Writing OS Independent Shellcode](https://blog.elearnsecurity.com/writing-os-independent-shellcode.html)
- 2010.03 [pediy] [[Original] Writing JIT-Spray Shellcode for fun and profit - CHS [Updated Full Version]](https://bbs.pediy.com/thread-108861.htm)
- 2010.01 [pediy] [[Original] A Summary of Difficulties Encountered Writing Reverse-Connect Shellcode and Their Solutions](https://bbs.pediy.com/thread-105567.htm)
- 2009.11 [pediy] [[Translation] Exploit Writing Tutorial Series Part 2: Stack Overflows - Jumping to Shellcode](https://bbs.pediy.com/thread-101704.htm)
- 2009.07 [corelan] [Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode](https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/)
- 2009.01 [pediy] [[Translation] Writing a Small Piece of Overflow Code (translated from: Writing Small Shellcode)](https://bbs.pediy.com/thread-80306.htm)
- 2008.01 [pediy] [[Original] Shellcode Writing: Hash-Based Function Calls and Related Topics](https://bbs.pediy.com/thread-58393.htm)
- 2006.07 [pediy] [[Original] Writing Shellcode with VC8 and Helper Tools](https://bbs.pediy.com/thread-28681.htm)

# Launching && Loading && Injection && Execution

***

## Injection

### Tools

- [**126** stars][2y] [C++] [gpoulios/ropinjector](https://github.com/gpoulios/ropinjector) Patching ROP-encoded shellcodes into PEs
- [**108** stars][1m] [C++] [josh0xa/threadboat](https://github.com/josh0xA/ThreadBoat) uses Thread Execution Hijacking to Inject Native Shellcode into a Standard Win32 Application
- [**85** stars][3y] [C] [countercept/doublepulsar-usermode-injector](https://github.com/countercept/doublepulsar-usermode-injector) Uses the DOUBLEPULSAR payload's user-mode shellcode to inject an arbitrary DLL into other processes
- [**63** stars][8y] [Py] [sensepost/anapickle](https://github.com/sensepost/anapickle) Toolset for writing shellcode in Python's Pickle language and for manipulating pickles to inject shellcode.
- [**60** stars][2m] [Py] [psychomario/pyinject](https://github.com/psychomario/pyinject) A python module to help inject shellcode/DLLs into windows processes
- [**43** stars][5y] [Py] [borjamerino/tlsinjector](https://github.com/borjamerino/tlsinjector) Python script to inject and run shellcodes through TLS callbacks
- [**27** stars][2y] [Py] [taroballzchen/shecodject](https://github.com/TaroballzChen/shecodject) shecodject is an autoscript for shellcode injection by Python3 programming
- [**20** stars][3m] [Go] [binject/shellcode](https://github.com/binject/shellcode) Shellcode library as a Go package
- [**19** stars][5y] [C] [jorik041/cymothoa](https://github.com/jorik041/cymothoa) Cymothoa is a backdooring tool that injects a backdoor's shellcode directly into running applications. Stealth and lightweight...
- [**16** stars][3y] [PLpgSQL] [michaelburge/redshift-shellcode](https://github.com/michaelburge/redshift-shellcode) Example of injecting x64 shellcode into Amazon Redshift
- [**14** stars][2y] [chango77747/shellcodeinjector_msbuild](https://github.com/chango77747/shellcodeinjector_msbuild)
- [**10** stars][1y] [C++] [egebalci/injector](https://github.com/egebalci/injector) Simple shellcode injector.
- [**8** stars][2y] [C++] [xiaobo93/unmodule_shellcode_inject](https://github.com/xiaobo93/unmodule_shellcode_inject) Module-less injection project, VS2008

### Articles

- 2019.12 [aliyun] [Manually Injecting Shellcode into a PE File](https://xz.aliyun.com/t/6939)
- 2019.11 [4hou] [Code Injection Techniques: Shellcode Injection](https://www.4hou.com/web/21784.html)
- 2019.11 [ColinHardy] [Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection](https://www.youtube.com/watch?v=XnN_UWfHlNM)
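- 2019.09 [freebuf] [Debugging Techniques for Shellcode Injected into a Process](https://www.freebuf.com/articles/system/212248.html)
- 2019.08 [4hou] [Debugging Tips for Shellcode Injection into Remote Processes](https://www.4hou.com/system/19852.html)
- 2019.06 [360] [Ptrace Shellcode Injection on the Arm Platform](https://www.anquanke.com/post/id/179985/)
- 2018.10 [pediy] [[Original] A Small Trick for Injecting a DLL with Shellcode Instead of Creating a User Thread](https://bbs.pediy.com/thread-247515.htm)
- 2018.09 [pediy] [[Share] Seriously Awesome Shellcode Memory Injection: Supports 64-bit and 32-bit, Remote Memory Injection, and Maximum-Strength VMP Packer Protection](https://bbs.pediy.com/thread-246934.htm)
- 2018.08 [freebuf] [sRDI: A Powerful Tool for Reflective DLL Injection via Shellcode](http://www.freebuf.com/sectool/181426.html)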
- 2018.05 [cobaltstrike] [PowerShell Shellcode Injection on Win 10 (v1803)](https://blog.cobaltstrike.com/2018/05/24/powershell-shellcode-injection-on-win-10-v1803/)
- 2017.12 [pentesttoolz] [Shecodject – Autoscript for Shellcode Injection](https://pentesttoolz.com/2017/12/30/shecodject-autoscript-for-shellcode-injection/)
- 2017.12 [MalwareAnalysisForHedgehogs] [Malware Analysis - ROKRAT Unpacking from Injected Shellcode](https://www.youtube.com/watch?v=uoBQE5s2ba4)
- 2017.11 [freebuf] [Automated Metasploit AV Bypass Script: Shecodject X Shellcode Injection](http://www.freebuf.com/sectool/154356.html)
- 2017.10 [pediy] [[Original] Analyzing Kernel Shellcode DLL Injection Through Wannacry](https://bbs.pediy.com/thread-221756.htm)
- 2017.08 [silentbreaksecurity] [sRDI – Shellcode Reflective DLL Injection](https://silentbreaksecurity.com/srdi-shellcode-reflective-dll-injection/)
- 2015.12 [dhavalkapil] [Shellcode Injection](https://dhavalkapil.com/blogs/Shellcode-Injection/)
- 2015.12 [n0where] [Dynamic Shellcode Injection: Shellter](https://n0where.net/dynamic-shellcode-injection-shellter)
- 2015.10 [freebuf] [Kali Shellter 5.1: A Dynamic Shellcode Injection Tool That Bypasses Security Software](http://www.freebuf.com/sectool/81955.html)
- 2015.08 [christophertruncer] [Injecting Shellcode into a Remote Process with Python](https://www.christophertruncer.com/injecting-shellcode-into-a-remote-process-with-python/)
- 2015.08 [pediy] [[Original] Generic Win32/X64 Shellcode Written in Pure C++, Injected into the csrss Process.](https://bbs.pediy.com/thread-203140.htm)
- 2015.07 [BsidesLisbon] [BSidesLisbon2015 - Shellter - A dynamic shellcode injector - Kyriakos Economou](https://www.youtube.com/watch?v=TunWNHYrWp8)
- 2015.06 [freebuf] [Dynamic Shellcode Injection Tool – Shellter](http://www.freebuf.com/sectool/71230.html)
- 2015.06 [shelliscoming] [TLS Injector: running shellcodes through TLS callbacks](http://www.shelliscoming.com/2015/06/tls-injector-running-shellcodes-through.html)
- 2014.08 [toolswatch] [Shellter v1.7 A Dynamic ShellCode Injector – Released](http://www.toolswatch.org/2014/08/shellter-v1-7-a-dynamic-shellcode-injector-released/)
- 2014.06 [toolswatch] [[New Tool] Shellter v1.0 A Dynamic ShellCode Injector – Released](http://www.toolswatch.org/2014/06/new-tool-shellter-v1-0-a-dynamic-shellcode-injector-released/)
- 2013.06 [debasish] [Injecting Shellcode into a Portable Executable(PE) using Python](http://www.debasish.in/2013/06/injecting-shellcode-into-portable.html)
- 2013.05 [trustedsec] [Native PowerShell x86 Shellcode Injection on 64-bit Platforms](https://www.trustedsec.com/2013/05/native-powershell-x86-shellcode-injection-on-64-bit-platforms/)
- 2013.05 [pediy] [[Original] A Method for Kernel Shellcode Injection](https://bbs.pediy.com/thread-170959.htm)
- 2012.10 [hackingarticles] [Cymothoa – Runtime shellcode injection Backdoors](http://www.hackingarticles.in/cymothoa-runtime-shellcode-injection-for-stealthy-backdoors/)
- 2012.09 [hackingarticles] [PyInjector Shellcode Injection attack on Remote PC using Social Engineering Toolkit](http://www.hackingarticles.in/pyinjector-shellcode-injection-attack-on-remote-windows-pc-using-social-engineering-toolkit/)
- 2012.08 [trustedsec] [New tool PyInjector Released – Python Shellcode Injection](https://www.trustedsec.com/2012/08/new-tool-pyinjector-released-python-shellcode-injection/)
- 2011.07 [firebitsbr] [Syringe utility provides ability to inject shellcode into processes](https://firebitsbr.wordpress.com/2011/07/08/syringe-utility-provides-ability-to-inject-shellcode-into-processes/)
- 2007.01 [pediy] ["The Shellcoder's handbook" Chapter 14: Fault Injection](https://bbs.pediy.com/thread-38713.htm)
- 2006.02 [pediy] [[Original] Another Way to Play with Shellcode (Remote Thread Shellcode Injection)](https://bbs.pediy.com/thread-21123.htm)

***

## Execution

### Tools

- [**77** stars][2m] [C] [dimopouloselias/simpleshellcodeinjector](https://github.com/dimopouloselias/simpleshellcodeinjector) receives as an argument a shellcode in hex and executes it

### Articles

- 2019.09 [4hou] [A Beginner's Guide to Windows Shellcode Execution Techniques](https://www.4hou.com/web/19758.html)
- 2019.07 [contextis] [A Beginner’s Guide to Windows Shellcode Execution Techniques](https://www.contextis.com/en/blog/a-beginners-guide-to-windows-shellcode-execution-techniques)
- 2019.03 [countercept] [Dynamic Shellcode Execution](https://countercept.com/blog/dynamic-shellcode-execution/)
- 2019.03 [countercept] [Dynamic Shellcode Execution](https://countercept.com/our-thinking/dynamic-shellcode-execution/)
- 2019.01 [t00ls] [Submitted Article: Bypass Applocker + AV-Evading Execution of Arbitrary Shellcode [ csc + installUtil ]](https://www.t00ls.net/articles-49443.html)
- 2017.09 [] [Shellcode That Executes iptables -P INPUT ACCEPT](http://www.91ri.org/17267.html)
- 2017.04 [osandamalith] [Making the Windows Loader Execute Shellcode Directly; IDA Crashes When Loading the File, and It Bypasses Most Antivirus Software.](https://osandamalith.com/2017/04/11/executing-shellcode-directly/)
- 2017.01 [360] [Executing Shellcode Using Native Windows Functions](https://www.anquanke.com/post/id/85372/)
- 2016.12 [evi1cg] [Office Shellcode Execution](https://evi1cg.me/archives/Office_Shellcode_Execution.html)
- 2016.10 [qq] [Macro Virus Uses EnumDateFormats to Execute Shellcode and Create a Puppet Process to Bypass Antivirus](https://tav.qq.com/index/newsDetail/260.html)
- 2016.08 [360] [CallWindowProc Abused by Macro Viruses to Execute Shellcode](https://www.anquanke.com/post/id/84433/)
- 2016.06 [modexp] [Shellcode: Execute command for x32/x64 Linux / Windows / BSD](https://modexp.wordpress.com/2016/06/04/winux/)
- 2016.03 [modexp] [Shellcodes: Executing Windows and Linux Shellcodes](https://modexp.wordpress.com/2016/03/28/winux-shellcodes/)
- 2015.08 [doyler] [Executing Shellcode with Python](https://www.doyler.net/security-not-included/executing-shellcode-with-python)
- 2014.11 [BSidesCHS] [BSidesCHS 2013 - Session 02 - Java Shellcode Execution](https://www.youtube.com/watch?v=oVT4khoSYBU)
- 2014.07 [pediy] [[Original] Executing User-Mode Shellcode in a WOW64 Process from the Kernel](https://bbs.pediy.com/thread-190596.htm)
- 2014.03 [sevagas] [Hide meterpreter shellcode in executable](https://blog.sevagas.com/?Hide-meterpreter-shellcode-in-executable)
- 2013.08 [freebuf] [Elegantly Executing Shellcode with VBS](http://www.freebuf.com/articles/web/11662.html)
- 2013.02 [y0nd13] [HunnyBunny: Execute any shellcode on the](https://y0nd13.blogspot.com/2013/02/hunnybunny-execute-any-shellcode-on-the.html)
- 2012.04 [debasish] [Execute ShellCode Using Python](http://www.debasish.in/2012/04/execute-shellcode-using-python.html)
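- 2010.12 [riusksk] [Principles of Segmented Shellcode Execution](http://riusksk.me/2010/12/23/shellcode-split/)
- 2009.02 [pediy] [[Original] Looking at Shellcode Through Its Execution Flow (Part 1) [Source Code Attached]](https://bbs.pediy.com/thread-82327.htm)
- 2008.12 [pediy] [[Help] The Generic Shellcode from Chapter 5 Never Executes Properly in password.txt, Which Is Giving Me a Real Headache](https://bbs.pediy.com/thread-79704.htm)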

***

## Tools

- [**353** stars][6y] [C] [inquisb/shellcodeexec](https://github.com/inquisb/shellcodeexec) Executes opcode sequences in memory
- [**258** stars][1m] [C++] [clinicallyinane/shellcode_launcher](https://github.com/clinicallyinane/shellcode_launcher) Shellcode launcher utility
- [**235** stars][4y] [Py] [pyana/pyana](https://github.com/pyana/pyana) Emulates shellcode execution using the Unicorn framework (Windows)
- [**229** stars][2m] [Go] [brimstone/go-shellcode](https://github.com/brimstone/go-shellcode) Load shellcode into a new process
- [**153** stars][9m] [Assembly] [peterferrie/win-exec-calc-shellcode](https://github.com/peterferrie/win-exec-calc-shellcode) Shellcode that executes calc.exe (x86/x64, all versions/SPs)
- [**148** stars][6m] [Pascal] [coldzer0/cmulator](https://github.com/coldzer0/cmulator) ( x86 - x64 ) Scriptable Reverse Engineering Sandbox Emulator for shellcode and PE binaries . Based on Unicorn & Zydis Engine & javascript
- [**129** stars][3y] [PS] [arno0x/dnsdelivery](https://github.com/arno0x/dnsdelivery) delivery and in memory execution of shellcode or .Net assembly using DNS requests delivery channel.
- [**122** stars][3y] [C#] [zerosum0x0/runshellcode](https://github.com/zerosum0x0/runshellcode) .NET GUI program that runs shellcode
- [**97** stars][6m] [PS] [rvrsh3ll/cplresourcerunner](https://github.com/rvrsh3ll/cplresourcerunner) Run shellcode from resource
- [**91** stars][11m] [C] [fireeye/flare-kscldr](https://github.com/fireeye/flare-kscldr) Loading shellcode in the kernel: examples, methods, and tools
- [**73** stars][6y] [enigma0x3/powershell-payload-excel-delivery](https://github.com/enigma0x3/powershell-payload-excel-delivery) Uses Invoke-Shellcode to execute a payload and persist on the system.
- [**64** stars][1y] [C] [emptymonkey/drinkme](https://github.com/emptymonkey/drinkme) Reads shellcode from stdin and executes it. Used for testing shellcode before deployment
- [**57** stars][3y] [C] [zerosum0x0/shellcodedriver](https://github.com/zerosum0x0/shellcodedriver) Windows driver to execute arbitrary usermode code (essentially same vulnerability as capcom.sys)
- [**55** stars][2y] [C++] [sisoma2/shellcodeloader](https://github.com/sisoma2/shellcodeloader) Small tool to load shellcodes or PEs to analyze them
- [**42** stars][1y] [C++] [userexistserror/dllloadershellcode](https://github.com/userexistserror/dllloadershellcode) Shellcode to load an appended Dll
- [**34** stars][3y] [Py] [n1nj4sec/pymemimporter](https://github.com/n1nj4sec/pymemimporter) import pyd or execute PE all from memory using only pure python code and some shellcode tricks
- [**26** stars][3y] [Ruby] [eik00d/reverse_dns_shellcode](https://github.com/eik00d/reverse_dns_shellcode) Reverse DNS payload for Metasploit: Download Exec x86 shellcode. Also DNS Handler and VBS bot (also working over DNS) as PoC included.
- [**23** stars][1m] [Py] [thomaskeck/pyshellcode](https://github.com/thomaskeck/pyshellcode) Execute ShellCode / "Inline-Assembler" in Python
- [**18** stars][3y] [Py] [0xyg3n/mem64](https://github.com/0xyg3n/mem64) Run Any Native PE file as a memory ONLY Payload , most likely as a shellcode using hta attack vector which interacts with Powershell.
- [**15** stars][3y] [C++] [naxalpha/shellcode-loader](https://github.com/naxalpha/shellcode-loader) Shellcode Loader Engine for Windows
- [**4** stars][2y] [C] [samvartaka/triton_analysis](https://github.com/samvartaka/triton_analysis) Analysis of the TRITON/TRISIS/HatMan multi-stage PowerPC shellcode payload
- [**2** stars][3m] [C] [brimstone/shellload](https://github.com/brimstone/shellload) Load shellcode into a new process, optionally under a false name.

***

## Articles

- 2018.04 [4hou] [A Tool for Dynamic Malware Analysis: Kernel Shellcode Loader](http://www.4hou.com/technology/11235.html)
- 2018.04 [fireeye] [Loading Shellcode in the Kernel: Examples, Methods, and Tools](http://www.fireeye.com/blog/threat-research/2018/04/loading-kernel-shellcode.html)
- 2017.06 [pediy] [[Translation] Dynamically Loading and Debugging Windows Kernel Shellcode](https://bbs.pediy.com/thread-218779.htm)
- 2017.04 [360] [How to Load and Run Shellcode from a Cat Picture](https://www.anquanke.com/post/id/85824/)
- 2017.02 [modexp] [Shellcode: Fido and how it resolves GetProcAddress and LoadLibraryA](https://modexp.wordpress.com/2017/02/03/shellcode-iat/)
- 2014.02 [govolution] [Writing a download and exec shellcode](https://govolution.wordpress.com/2014/02/02/writing-a-download-and-exec-shellcode/)

# Generation

***

## Tools

- [**693** stars][1m] [C] [thewover/donut](https://github.com/thewover/donut) Generates position-independent shellcode (x86, x64, or AMD64 + x86) that loads .NET assemblies, PE files, and other Windows payloads from memory and runs them with parameters
- [**582** stars][2m] [Shell] [r00t-3xp10it/venom](https://github.com/r00t-3xp10it/venom) Shellcode generator, compiler, and handler (metasploit)
- [**552** stars][8m] [C++] [nytrorst/shellcodecompiler](https://github.com/nytrorst/shellcodecompiler) Compiles C/C++-style code into small, position-independent, NULL-free shellcode for Windows (x86 and x64) and Linux (x86 and x64)
- [**493** stars][1m] [Py] [zdresearch/owasp-zsc](https://github.com/zdresearch/OWASP-ZSC) Shellcode/obfuscated code generator
- [**90** stars][3y] [C++] [gdelugre/shell-factory](https://github.com/gdelugre/shell-factory) C++-based shellcode builder
- [**88** stars][2m] [Py] [alexpark07/armscgen](https://github.com/alexpark07/armscgen) ARM Shellcode Generator
- [**80** stars][3y] [Py] [hatriot/shellme](https://github.com/hatriot/shellme) simple shellcode generator
- [**63** stars][5y] [Py] [veil-framework/veil-ordnance](https://github.com/veil-framework/veil-ordnance) Veil-Ordnance is a tool designed to quickly generate MSF stager shellcode
- [**40** stars][3y] [Py] [karttoon/trigen](https://github.com/karttoon/trigen) Trigen is a Python script which uses different combinations of Win32 function calls in generated VBA to execute shellcode.
- [**37** stars][3y] [C++] [3gstudent/shellcode-generater](https://github.com/3gstudent/shellcode-generater) No inline asm, supports x86/x64
- [**33** stars][2y] [HTML] [rh0dev/shellcode2asmjs](https://github.com/rh0dev/shellcode2asmjs) Automatically generate ASM.JS JIT-Spray payloads
- [**13** stars][4y] [zdresearch/zcr-shellcoder-archive](https://github.com/zdresearch/zcr-shellcoder-archive) ZeroDay Cyber Research - ZCR Shellcoder Archive - z3r0d4y.com Shellcode Generator
- [**13** stars][1m] [C++] [hoodoer/enneos](https://github.com/hoodoer/enneos) Evolutionary Neural Network Encoder of Shenanigans. Obfuscating shellcode with an encoder that uses genetic algorithms to evolve neural networks to contain and output the shellcode on demand.
- [**10** stars][2m] [C#] [clonemerge/shellgen](https://github.com/CloneMerge/ShellGen) Dynamic and extensible shell code generator with multiple output types which can be formatted in binary, hexadecimal, and the typical shellcode output standard.
- [**4** stars][2y] [Shell] [thepisode/linux-shellcode-generator](https://github.com/thepisode/linux-shellcode-generator) Experiments on Linux Assembly shellcodes injection
- [**1** star][4m] [Py] [ins1gn1a/woollymammoth](https://github.com/ins1gn1a/woollymammoth) Toolkit for manual buffer exploitation, which features a basic network socket fuzzer, offset pattern generator and detector, bad character identifier, shellcode carver, and a vanilla EIP exploiter

***

## Articles

- 2019.07 [aliyun] [Generating Printable Shellcode](https://xz.aliyun.com/t/5662)
- 2019.07 [4hou] [Testing and Analysis of the Shellcode Generation Tool Donut](https://www.4hou.com/technology/19123.html)
- 2019.06 [3gstudent] [Testing and Analysis of the Shellcode Generation Tool Donut](https://3gstudent.github.io/3gstudent.github.io/Shellcode%E7%94%9F%E6%88%90%E5%B7%A5%E5%85%B7Donut%E6%B5%8B%E8%AF%95%E5%88%86%E6%9E%90/)
- 2018.12 [HackerSploit] [Generating Shellcode With Msfvenom](https://www.youtube.com/watch?v=nNt_gRl8RBk)
- 2018.10 [pediy] [[Original] A Modest Starting Point: Using gcc to Generate Shellcode That Can Carry Strings](https://bbs.pediy.com/thread-247138.htm)
- 2018.06 [doyler] [Execve Shellcode – Includes Arguments and Generator!](https://www.doyler.net/security-not-included/execve-shellcode-generator)
- 2018.03 [pediy] [[Original] A Crude Little Tool: Copying Shellcode Content as a DWORD Array; Naked Function Generation](https://bbs.pediy.com/thread-225030.htm)
- 2018.02 [pentesttoolz] [VENOM 1.0.15 – Metasploit Shellcode Generator/Compiler/Listener](https://pentesttoolz.com/2018/02/11/venom-1-0-15-metasploit-shellcode-generator-compiler-listener/)
- 2017.08 [zerosum0x0] [Online Obfuscated String/Shellcode Generator](https://zerosum0x0.blogspot.com/2017/08/obfuscatedencrypted-cc-online-string.html)
- 2017.07 [pediy] [[Original] An Open-Source Shellcode Generation Engine](https://bbs.pediy.com/thread-219956.htm)
- 2017.07 [msreverseengineering] [Introduction to SynesthesiaYS](http://www.msreverseengineering.com/blog/2017/7/15/the-synesthesia-shellcode-generator-code-release-and-future-directions)
- 2017.05 [abatchy] [ROT-N Shellcode Encoder/Generator (Linux x86)](http://www.abatchy.com/2017/05/rot-n-shellcode-encoder-linux-x86)
- 2017.04 [360] [Generating Your Own Alphanumeric/Printable Shellcode](https://www.anquanke.com/post/id/85871/)
- 2017.02 [4hou] [Windows Shellcode Study Notes: Generating Shellcode with Visual Studio](http://www.4hou.com/technology/3335.html)
- 2017.01 [christophertruncer] [Shellcode Generation, Manipulation, and Injection in Python 3](https://www.christophertruncer.com/shellcode-manipulation-and-injection-in-python-3/)
- 2017.01 [3gstudent] [Windows Shellcode Study Notes: Generating Shellcode with Visual Studio](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-%E9%80%9A%E8%BF%87VisualStudio%E7%94%9F%E6%88%90shellcode/)
- 2016.02 [hackingarticles] [Exploitation of Windows PC using Venom: Shellcode Generator](http://www.hackingarticles.in/exploitation-of-windows-pc-using-venom-shellcode-generator/)
- 2016.02 [freebuf] [Tool Recommendation: Shellsploit, a Shellcode Generator](http://www.freebuf.com/sectool/95039.html)
- 2016.01 [n0where] [Shellcode Generator: Venom](https://n0where.net/shellcode-generator-venom)
- 2015.02 [govolution] [Null Free Windows WinExec Shellcode & Tool for generating Payload](https://govolution.wordpress.com/2015/02/07/one-for-all-null-free-windows-winexec-shellcode-tool-for-generating-payload/)
- 2014.04 [securityblog] [How to generate shellcode from custom exe in metasploit](http://securityblog.gr/2144/how-to-generate-shellcode-from-custom-exe-in-metasploit/)
- 2012.05 [freebuf] [phpcodegen-library [a PHP library for generating shellcode]](http://www.freebuf.com/sectool/1941.html)
- 2007.11 [pediy] [[Original] Generating Shellcode Machine Code for URLDownloadToFile](https://bbs.pediy.com/thread-55326.htm)

# Conversion

***

## Tools

- [**635** stars][4m] [PS] [monoxgas/srdi](https://github.com/monoxgas/srdi) Shellcode implementation of Reflective DLL Injection. Converts DLLs into position-independent shellcode
- [**407** stars][3m] [Assembly] [hasherezade/pe_to_shellcode](https://github.com/hasherezade/pe_to_shellcode) Converts PE files to shellcode
- [**79** stars][2y] [Py] [blacknbunny/shellcode2assembly](https://github.com/blacknbunny/shellcode2assembly)
- [**49** stars][8m] [C] [w1nds/dll2shellcode](https://github.com/w1nds/dll2shellcode) DLL-to-shellcode conversion tool
- [**34** stars][5y] [C++] [5loyd/makecode](https://github.com/5loyd/makecode) Dll Convert to Shellcode.
- [**18** stars][3y] [Py] [after1990s/pe2shellcode](https://github.com/after1990s/pe2shellcode) pe2shellcode
- [**12** stars][1m] [Py] [davinci13/exe2shell](https://github.com/davinci13/exe2shell) Converts exe to shellcode.
- [**10** stars][3y] [Perl] [gnebbia/shellcoder](https://github.com/gnebbia/shellcoder) Create shellcode from executable or assembly code
- [**5** stars][10m] [C++] [giantbranch/convert-c-javascript-shellcode](https://github.com/giantbranch/convert-c-javascript-shellcode) Small tool for converting shellcode between C and JavaScript formats
- [**2** stars][7y] [C] [hamza-megahed/binary2shellcode](https://github.com/hamza-megahed/binary2shellcode) binary to shellcode converter
- [**0** stars][6y] [Py] [yatebyalubaluniyat/rawshellcode2exe](https://github.com/yatebyalubaluniyat/rawshellcode2exe) converts raw shellcode to exe

***

## Articles

- 2017.11 [pediy] [[Original] [Python] Converting Shellcode to Assembly with Python](https://bbs.pediy.com/thread-222965.htm)
- 2017.11 [freebuf] [Analysis of How to Convert Shellcode into an EXE File](http://www.freebuf.com/articles/web/152879.html)
- 2015.12 [hexacorn] [Converting Shellcode to Portable Executable (32- and 64- bit)](http://www.hexacorn.com/blog/2015/12/10/converting-shellcode-to-portable-executable-32-and-64-bit/)

# Analysis

***

## Vulnerabilities

***

## Tools

- [**203** stars][2y] [Py] [rootlabs/smap](https://github.com/suraj-root/smap) Handy tool for shellcode analysis
- [**166** stars][2y] [C] [oalabs/blobrunner](https://github.com/oalabs/blobrunner) Quickly debug shellcode extracted during malware analysis
- [**39** stars][4y] [Py] [dungtv543/dutas](https://github.com/dungtv543/dutas) Analyzes PE files or shellcode
- [**38** stars][5y] [C++] [adamkramer/jmp2it](https://github.com/adamkramer/jmp2it) Transfer EIP control to shellcode during malware analysis investigation
- [**11** stars][5y] [Py] [debasishm89/qhook](https://github.com/debasishm89/qhook) qHooK is a very simple Python script (dependent on pydbg) which hooks user-defined Win32 APIs in any process, monitors them while the process is running, and finally prepares a CSV report with various interesting information which can help reverse engineers track down / analyse unknown exploit samples / shellcode.

***

## Articles

- 2019.10 [sentinelone] [Building A Custom Tool For Shellcode Analysis](https://www.sentinelone.com/blog/building-a-custom-tool-for-shellcode-analysis/)
- 2019.04 [freebuf] [Xori: An Automated Decompilation and Static Analysis Library for PE32 and Shellcode](https://www.freebuf.com/sectool/199629.html)
- 2019.03 [sans] ["VelvetSweatshop" Maldocs: Shellcode Analysis](https://isc.sans.edu/forums/diary/VelvetSweatshop+Maldocs+Shellcode+Analysis/24776/)
- 2019.01 [360] [Shellcode Analysis of an HWP Vulnerability Sample](https://www.anquanke.com/post/id/169872/)
- 2018.10 [MSbluehat] [BlueHat v18 || Linear time shellcode detection using state machines and operand analysis on the runtime](https://www.slideshare.net/MSbluehat/bluehat-v18-linear-time-shellcode-detection-using-state-machines-and-operand-analysis-on-the-runtime)
- 2018.09 [ironcastle] [Analyzing Encoded Shellcode with scdbg, (Mon, Sep 24th)](https://www.ironcastle.net/analyzing-encoded-shellcode-with-scdbg-mon-sep-24th/)
- 2018.09 [sans] [Analyzing Encoded Shellcode with scdbg](https://isc.sans.edu/forums/diary/Analyzing+Encoded+Shellcode+with+scdbg/24134/)
- 2018.09 [dist67] [Using scdbg to analyze shellcode](https://www.youtube.com/watch?v=SHgIVMVnP0w)
- 2018.09 [ironcastle] [Video: Using scdbg to analyze shellcode, (Sat, Sep 8th)](https://www.ironcastle.net/video-using-scdbg-to-analyze-shellcode-sat-sep-8th/)
- 2018.09 [sans] [Another quickie: Using scdbg to analyze shellcode](https://isc.sans.edu/forums/diary/Another+quickie+Using+scdbg+to+analyze+shellcode/24058/)
- 2018.08 [doyler] [Metasploit Shellcode Analysis – read_file via ndisasm (SLAE Exam #5.1)](https://www.doyler.net/security-not-included/metasploit-shellcode-analysis)
- 2018.06 [nao] [Analyzing Shellcode of GrandSoft's CVE-2018-8174](https://www.nao-sec.org/2018/06/analyzing-shellcode-of-grandsofts-cve.html)
- 2018.05 [pediy] [[Original] Reverse-Engineering Stack Overflow Shellcode with OD](https://bbs.pediy.com/thread-226476.htm)
- 2018.02 [sans] [Analyzing compressed shellcode](https://isc.sans.edu/forums/diary/Analyzing+compressed+shellcode/23335/)
- 2017.07 [360] [Detailed Analysis of the EternalBlue Shellcode](https://www.anquanke.com/post/id/86392/)
- 2017.05 [360] [NSA Arsenal: Analysis of the DoublePulsar Initial SMB Backdoor Shellcode](https://www.anquanke.com/post/id/86112/)
- 2017.04 [zerosum0x0] [NSA Arsenal: Analysis of the DoublePulsar Initial SMB Backdoor Shellcode](https://zerosum0x0.blogspot.com/2017/04/doublepulsar-initial-smb-backdoor-ring.html)
- 2017.03 [cysinfo] [Episode 3 – Shellcode Analysis with APITracker](https://cysinfo.com/episode-3-shellcode-analysis-apitracker/)
- 2016.12 [360] [Malicious Document Analysis: From Macros to Shellcode](https://www.anquanke.com/post/id/85147/)
- 2016.11 [dist67] [Hancitor Maldoc: Shellcode Dynamic Analysis](https://www.youtube.com/watch?v=N9fqJ0DYs0g)
- 2016.02 [miasm] [Dynamic shellcode analysis](http://www.miasm.re/blog/2016/02/12/dynamic_shellcode_analysis.html)
- 2016.01 [freebuf] [PyAna, a Shellcode Analysis Tool](http://www.freebuf.com/sectool/92990.html)
- 2015.07 [tencent] [Technical Analysis of Hacking Team's Mac OSX 64-bit Shellcode](https://security.tencent.com/index.php/blog/msg/89)
- 2015.07 [riusksk] [Hacking Team Arsenal Research (5): Technical Analysis of Mac OSX 64-bit Shellcode](http://riusksk.me/2015/07/15/Hacking-Team-武器库研究(五):Mac-OSX-64位-Shellcode-技术分析/)
- 2015.06 [pediy] [[Original] Analysis of Disk-Formatting Shellcode](https://bbs.pediy.com/thread-201485.htm)
- 2015.02 [pediy] [[Original] Parsing COFF Files: Extracting Shellcode](https://bbs.pediy.com/thread-198188.htm)
- 2015.01 [checkpoint] [Diving into a Silverlight Exploit and Shellcode – Analysis and Techniques | Check Point Software Blog](https://blog.checkpoint.com/2015/01/08/diving-into-a-silverlight-exploit-and-shellcode-analysis-and-techniques-3/)
- 2014.12 [sans] [Analyzing Shellcode Extracted from Malicious RTF Documents](https://digital-forensics.sans.org/blog/2014/12/23/analyzing-shellcode-extracted-from-malicious-rtf-other-documents)
- 2014.12 [jowto] [Shellcode Analysis of an Excel Vulnerability Sample](http://blog.jowto.com/?p=81)
- 2014.12 [thembits] [RIG Exploit Kit - Shellcode analysis](http://thembits.blogspot.com/2014/12/rig-exploit-kit-shellcode-analysis.html)
- 2014.09 [radare] [Adventures with Radare2 #1: A Simple Shellcode Analysis](http://radare.today/posts/adventures-with-radare2-1-a-simple-shellcode-analysis/)
- 2014.09 [radare] [Adventures with Radare2 #1: A Simple Shellcode Analysis](https://radareorg.github.io/blog/posts/adventures-with-radare2-1-a-simple-shellcode-analysis/)
- 2014.07 [pediy] [[Original] Analysis of a Piece of Shellcode](https://bbs.pediy.com/thread-190214.htm)
- 2014.01 [govolution] [SLAE Assignment 5: Shellcode Analysis](https://govolution.wordpress.com/2014/01/24/slae-assignment-5-shellcode-analysis/)
- 2011.11 [pediy] [[Original] Detailed Analysis of a Simple Shellcode](https://bbs.pediy.com/thread-142689.htm)
- 2011.09 [beistlab] [Brief Analysis of the Hangul Zero-Day Shellcode (Quick analyzing HanGul 0day shellcode)](https://beistlab.wordpress.com/2011/09/27/hangul_0day_is_used_for_targeted_attacks/)
- 2011.03 [pediy] [[Original] PoC Analysis Assistant: ShellcodeDumper](https://bbs.pediy.com/thread-131265.htm)
- 2011.03 [pediy] [[Original] Shellcode Analysis of a Word Overflow Sample](https://bbs.pediy.com/thread-130249.htm)
- 2010.09 [pediy] [[Original] Shellcode Analysis for the CVE-2006-2389 Vulnerability](https://bbs.pediy.com/thread-121380.htm)
- 2010.09 [pediy] [[Original] Brief Shellcode Analysis for the CVE-2010-1297 Vulnerability](https://bbs.pediy.com/thread-121236.htm)
- 2010.06 [forcepoint] [Crypto-Analysis in Shellcode Detection](https://www.forcepoint.com/blog/security-labs/crypto-analysis-shellcode-detection)
- 2010.01 [hexblog] [PDF file loader to extract and analyse shellcode](http://www.hexblog.com/?p=110)
- 2009.10 [pediy] [[Original] A Brief Discussion of Shellcode Analysis on Windows](https://bbs.pediy.com/thread-99007.htm)
- 2009.06 [microsoft] [Shellcode Analysis via MSEC Debugger Extensions](https://msrc-blog.microsoft.com/2009/06/05/shellcode-analysis-via-msec-debugger-extensions/)
- 2009.03 [alienvault] [Ossim: Shellcode Detection and Analysis](https://www.alienvault.com/blogs/labs-research/ossim-shellcode-detection-and-analysis)
- 2008.10 [pediy] [[Original] Analysis of the Shellcode in a Word Overflow Sample](https://bbs.pediy.com/thread-75517.htm)
- 2008.09 [sans] [Static analysis of Shellcode - Part 2](https://isc.sans.edu/forums/diary/Static+analysis+of+Shellcode+Part+2/4972/)
- 2008.09 [sans] [Static analysis of Shellcode](https://isc.sans.edu/forums/diary/Static+analysis+of+Shellcode/4970/)
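- 2008.06 [pediy] [[Original] Analysis of the Shellcode Used in a Flash Vulnerability](https://bbs.pediy.com/thread-65907.htm)
- 2007.12 [pediy] [[Technical Topic] Introduction to Software Vulnerability Analysis_6_Beginner Shellcode_Locating the Buffer](https://bbs.pediy.com/thread-56755.htm)
- 2007.06 [pediy] [[Original] Detailed Analysis of a Shellcode](https://bbs.pediy.com/thread-46068.htm)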
- 2007.04 [msreverseengineering] [Shellcode Analysis](http://www.msreverseengineering.com/blog/2014/6/22/shellcode-analysis)
- 2006.11 [pediy] [[Original] Using SoftICE to Analyze the Shellcode of a Program That Bundles a Trojan or EXE File into a DOC](https://bbs.pediy.com/thread-34664.htm)

# BypassXxx

***

## AV

### Tools

- [**322** stars][1m] [C#] [hackplayers/salsa-tools](https://github.com/hackplayers/salsa-tools) ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP/Shellcode/SILENTTRINITY and AV bypass, AMSI patched
- [**195** stars][1y] [Py] [mr-un1k0d3r/unibyav](https://github.com/mr-un1k0d3r/unibyav) A simple obfuscator that takes raw shellcode and generates executables that are Anti-Virus friendly.
- [**177** stars][3y] [Py] [arno0x/shellcodewrapper](https://github.com/arno0x/shellcodewrapper) Multi-language shellcode wrapper with encoding/encryption support. Can be used to bypass antivirus software
- [**84** stars][2y] [C] [hvqzao/foolavc](https://github.com/hvqzao/foolavc) foolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV
- [**78** stars][1m] [Py] [k8gege/scrun](https://github.com/k8gege/scrun) BypassAV ShellCode Loader (Cobaltstrike/Metasploit)

### Articles

- 2020.03 [freebuf] [RAT AV Evasion from Beginner to Practice (8): Shellcode AV Evasion in Practice](https://www.freebuf.com/articles/system/228233.html)
- 2020.02 [aliyun] [A Summary of Shellcode AV Evasion Techniques](https://xz.aliyun.com/t/7170)
- 2019.12 [aliyun] [Bypassing Antivirus with Encrypted Shellcode](https://xz.aliyun.com/t/6995)
- 2019.05 [4hou] [Bypassing Antivirus: Fileless Attacks That Receive Shellcode over the Network, and How to Detect Them](https://www.4hou.com/technology/16845.html)
- 2017.08 [modexp] [Using a Hash Function Named Maru to Create Permutable API Hashes and Evade Antivirus Detection](https://modexp.wordpress.com/2017/08/05/shellcode-maru-hash/)
- 2017.03 [4hou] [The Art of AV Evasion: The Most Complete Collection of Assembly Shellcode Techniques Ever (Part 3)](http://www.4hou.com/technology/3893.html)
- 2017.03 [pentest] [The Art of Anti-Detection (Part 3: Shellcode Alchemy)](https://pentest.blog/art-of-anti-detection-3-shellcode-alchemy/)
- 2015.09 [] [Using Shellcode to Build an AV-Evading MSF Payload](http://www.91ri.org/14240.html)
- 2013.08 [] [Encoding MSF Shellcode to Bypass Antivirus](http://www.91ri.org/6877.html)

***

## Tools

- [**262** stars][2y] [Py] [cryptolok/morphaes](https://github.com/cryptolok/morphaes) Polymorphic shellcode engine with metamorphic properties and the ability to bypass sandboxes and IDPS detection
- [**226** stars][7m] [Py] [infosecn1nja/maliciousmacromsbuild](https://github.com/infosecn1nja/maliciousmacromsbuild) Generates malicious macros that execute PowerShell or shellcode via MSBuild, bypassing application whitelisting
- [**159** stars][3m] [Py] [rvn0xsy/cooolis-ms](https://github.com/rvn0xsy/cooolis-ms) Cooolis-ms is a server that supports the Metasploit Framework RPC. It is used to work with the Shellcode and PE loader. To some extent, it bypasses static detection by anti-virus software, and allows the Cooolis-ms server to communicate with a separate Metasploit server.
- [**154** stars][2m] [C#] [fireeye/duedlligence](https://github.com/fireeye/duedlligence) Shellcode runner for all application whitelisting bypasses
- [**3** stars][2y] [Py] [manojcode/foxit-reader-rce-with-virualalloc-and-shellcode-for-cve-2018-9948-and-cve-2018-9958](https://github.com/manojcode/foxit-reader-rce-with-virualalloc-and-shellcode-for-cve-2018-9948-and-cve-2018-9958) Foxit Reader version 9.0.1.1049 Use After Free with ASLR and DEP bypass on heap

***

## Articles

- 2019.11 [freebuf] [Red vs. Blue: How Shellcode Is Used to Evade Security Detection](https://www.freebuf.com/articles/system/216742.html)
- 2019.03 [360] [How to Use OOB Data to Bypass Firewall Blocking of Shellcode](https://www.anquanke.com/post/id/173610/)
- 2018.07 [pediy] [[Translation] English Shellcode - Prose-Like Shellcode - An Approach to Bypassing Static Detection of Payloads](https://bbs.pediy.com/thread-229634.htm)
- 2017.08 [pediy] [[Original] Finding a Good Home for Shellcode: Bypassing PXN via VDSO](https://bbs.pediy.com/thread-220057.htm)
- 2017.04 [4hou] [Windows Shellcode Study Notes: Using VirtualAlloc to Bypass DEP](http://www.4hou.com/technology/4093.html)
- 2017.03 [4hou] [Windows Shellcode Study Notes: Bypassing DEP via VirtualProtect](http://www.4hou.com/technology/3943.html)
- 2017.03 [3gstudent] [Windows Shellcode Study Notes: Using VirtualAlloc to Bypass DEP](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-%E5%88%A9%E7%94%A8VirtualAlloc%E7%BB%95%E8%BF%87DEP/)
- 2017.03 [3gstudent] [Windows Shellcode Study Notes: Bypassing DEP via VirtualProtect](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-%E9%80%9A%E8%BF%87VirtualProtect%E7%BB%95%E8%BF%87DEP/)
- 2012.08 [pediy] [[Original] Flush GetPC: An Anti-Detection GetPC Method for Shellcode](https://bbs.pediy.com/thread-154689.htm)
- 2011.12 [greyhathacker] [Bypassing EMET’s EAF with custom shellcode using kernel pointer](http://www.greyhathacker.net/?p=483)

# ARM

***

## Tools

- [**180** stars][3m] [C] [odzhan/shellcode](https://github.com/odzhan/shellcode) Shellcodes for Windows/Linux/BSD
- [**41** stars][1y] [Assembly] [therealsaumil/arm_shellcode](https://github.com/therealsaumil/arm_shellcode) Make ARM Shellcode Great Again

***

## Articles

- 2019.06 [hitbsecconf] [#HITB2019AMS D1T1 - Make ARM Shellcode Great Again - Saumil Shah](https://www.youtube.com/watch?v=c_jUELOScLc)
- 2019.04 [X0x0FFB347] [Shellcode for IoT: A Password-Protected Reverse Shell (Linux/ARM)](https://medium.com/p/a18fcda4853b)
- 2019.02 [senr] [Why is My Perfectly Good Shellcode Not Working?: Cache Coherency on MIPS and ARM](https://blog.senr.io/blog/why-is-my-perfectly-good-shellcode-not-working-cache-coherency-on-mips-and-arm)
- 2018.10 [Cooper] [Hack.lu 2018: Make ARM Shellcode Great Again - Saumil Udayan Shah](https://www.youtube.com/watch?v=9tx293lbGuc)
- 2018.02 [modexp] [A Beginner's Guide to ARM Assembly](https://modexp.wordpress.com/2018/02/04/arm-crypto/)
- 2017.09 [modexp] [Shellcode: Linux ARM (AArch64)](https://modexp.wordpress.com/2017/09/11/shellcode-linux-aarch64/)
- 2017.09 [modexp] [Shellcode: Linux ARM Thumb mode](https://modexp.wordpress.com/2017/09/09/shellcode-linux-arm-thumb/)
- 2016.08 [arxiv] [[1608.03415] ARMv8 Shellcodes from 'A' to 'Z'](https://arxiv.org/abs/1608.03415)
- 2015.07 [osandamalith] [Getting Shellcode from ARM Binaries](https://osandamalith.com/2015/07/02/getting-shellcode-from-arm-binaries/)

# Other

***

## Tools

### Collections

- [**981** stars][1m] [Py] [nullsecuritynet/tools](https://github.com/nullsecuritynet/tools) Collection: security tools, exploits, PoCs, shellcode, scripts

### Recently Added

- [**179** stars][2y] [PS] [mattifestation/pic_bindshell](https://github.com/mattifestation/pic_bindshell) Position Independent Windows Shellcode Written in C
- [**156** stars][3y] [Py] [secretsquirrel/fido](https://github.com/secretsquirrel/fido) Teaching old shellcode new tricks
- [**155** stars][4y] [C] [ixty/xarch_shellcode](https://github.com/ixty/xarch_shellcode) Cross Architecture Shellcode in C
- [**148** stars][4y] [Py] [kgretzky/python-x86-obfuscator](https://github.com/kgretzky/python-x86-obfuscator) This is a **WIP** tool that performs shellcode obfuscation in x86 instruction set.
- [**129** stars][4y] [Assembly] [osirislab/shellcode](https://github.com/osirislab/Shellcode) a repository of Shellcode written by students in NYU-Polytechnic's ISIS lab.
- [**124** stars][6y] [tombkeeper/shellcode_template_in_c](https://github.com/tombkeeper/shellcode_template_in_c)
- [**115** stars][5y] [C] [mariovilas/shellcode_tools](https://github.com/mariovilas/shellcode_tools) Miscellaneous tools written in Python, mostly centered around shellcodes.
- [**76** stars][2y] [Assembly] [zznop/pop-nedry](https://github.com/zznop/pop-nedry) x86-64 Windows shellcode that recreates the Jurassic Park hacking scene (Ah, ah, ah... you didn't say the magic word!)
- [**66** stars][4y] [Assembly] [scorchsecurity/systorm](https://github.com/scorchsecurity/systorm) NASM Standard Library for shellcode
- [**60** stars][1m] [Py] [ohjeongwook/shellcodeemulator](https://github.com/ohjeongwook/shellcodeemulator) Shellcode emulator written with Unicorn
- [**60** stars][2m] [VBScript] [djhohnstein/scatterbrain](https://github.com/djhohnstein/scatterbrain) Suite of Shellcode Running Utilities
- [**59** stars][4y] [C] [k2/admmutate](https://github.com/k2/admmutate) Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others
- [**57** stars][3m] [C] [buffer/libemu](https://github.com/buffer/libemu) x86 emulation and shellcode detection
- [**56** stars][6y] [C] [devzero2000/shellcoderhandbook](https://github.com/devzero2000/shellcoderhandbook) shellcoderhandbook source code : "The Shellcoder's Handbook: Discovering and Exploiting Security Holes"
- [**49** stars][4y] [Assembly] [t00sh/assembly](https://github.com/t00sh/assembly) Collection of Linux shellcodes
- [**44** stars][3y] [C] [p0cl4bs/shellcodes](https://github.com/p0cl4bs/shellcodes)
- [**44** stars][1m] [Py] [offsecginger/pythonaesobfuscate](https://github.com/offsecginger/pythonaesobfuscate) Obfuscates a Python Script and the accompanying Shellcode.
- [**43** stars][8y] [C] [hellman/shtest](https://github.com/hellman/shtest) Simple shellcode testing tool.
- [**39** stars][4y] [C] [laginimaineb/waroftheworlds](https://github.com/laginimaineb/waroftheworlds) QSEE Shellcode to directly hijack the "Normal World" Linux Kernel
- [**38** stars][5m] [Py] [desword/shellcode_tools](https://github.com/desword/shellcode_tools) Useful tools for writing shellcode
- [**38** stars][4y] [Assembly] [sh3llc0d3r1337/windows_reverse_shell_1](https://github.com/sh3llc0d3r1337/windows_reverse_shell_1) Windows Reverse Shell shellcode
- [**36** stars][3y] [Assembly] [mortenschenk/token-stealing-shellcode](https://github.com/mortenschenk/token-stealing-shellcode)
- [**34** stars][8m] [C] [csandker/inmemoryshellcode](https://github.com/csandker/inmemoryshellcode) A Collection of In-Memory Shellcode Execution Techniques for Windows
- [**34** stars][2m] [Py] [skybulk/bin2sc](https://github.com/skybulk/bin2sc) Binary to shellcode from an object/executable format 32 & 64-bit PE , ELF
- [**33** stars][3y] [Py] [mipu94/broids_unicorn](https://github.com/mipu94/broids_unicorn) simple plugin to detect shellcode on Bro IDS with Unicorn
- [**27** stars][7y] [C] [hacksysteam/shellcodeofdeath](https://github.com/hacksysteam/shellcodeofdeath) Shellcode Of Death
- [**26** stars][2y] [C] [embedi/tcl_shellcode](https://github.com/embedi/tcl_shellcode) A template project for creating a shellcode for the Cisco IOS in the C language
- [**26** stars][5m] [C] [ufrisk/shellcode64](https://github.com/ufrisk/shellcode64) A minimal tool to extract shellcode from 64-bit PE binaries.
- [**25** stars][3y] [C] [osandamalith/shellcodes](https://github.com/osandamalith/shellcodes) My Shellcode Archive
- [**25** stars][5y] [C++] [rootkitsmm/winio-vidix](https://github.com/rootkitsmm/winio-vidix) Exploit WinIo - Vidix and Run Shellcode in Windows Kernel ( local Privilege escalation )
- [**24** stars][5y] [C#] [tophertimzen/shellcodetester](https://github.com/tophertimzen/shellcodetester) GUI Application in C# to run and disassemble shellcode
- [**23** stars][5y] [Assembly] [zerosum0x0/slae64](https://github.com/zerosum0x0/slae64) x64 Linux Shellcode
- [**23** stars][3m] [Py] [zerosteiner/crimson-forge](https://github.com/zerosteiner/crimson-forge) Sustainable shellcode evasion
- [**21** stars][4y] [Visual Basic .NET] [osandamalith/vbshellcode](https://github.com/osandamalith/vbshellcode) Making shellcode UD -
- [**20** stars][2y] [Py] [danielhenrymantilla/shellcode-factory](https://github.com/danielhenrymantilla/shellcode-factory) Tool to create and test shellcodes from custom assembly sources (with some encoding options)
- [**20** stars][5m] [Assembly] [pinkp4nther/shellcodes](https://github.com/pinkp4nther/shellcodes) I'll post my custom shellcode I make here!
- [**20** stars][1y] [C] [m0rv4i/ridgway](https://github.com/m0rv4i/ridgway) A quick tool for hiding a new process running shellcode.
- [**19** stars][4y] [Assembly] [bruce30262/x86_shellcode_tutorial](https://github.com/bruce30262/x86_shellcode_tutorial) A training course for BambooFox
- [**17** stars][2y] [Py] [hamza-megahed/pentest-with-shellcode](https://github.com/hamza-megahed/pentest-with-shellcode) Penetration testing with shellcode codes
- [**15** stars][1m] [C] [compilepeace/kaal_bhairav](https://github.com/compilepeace/kaal_bhairav) an ELF (ET_EXEC and ET_DYN) infector that infects system binaries with custom shellcode
- [**15** stars][2y] [Py] [nullarray/shellware](https://github.com/nullarray/shellware) Persistent bind shell via pythonic shellcode execution, and registry tampering.
- [**11** stars][8m] [Assembly] [egebalci/selfdefense](https://github.com/EgeBalci/SelfDefense) Several self-defense shellcodes
- [**10** stars][2y] [Py] [1project/scanr](https://github.com/1project/scanr) Detect x86 shellcode in files and traffic.
- [**10** stars][3m] [C] [hc0d3r/scdump](https://github.com/hc0d3r/scdump) shellcode dumper
- [**9** stars][11m] [C] [eahlstrom/ucui-unicorn](https://github.com/eahlstrom/ucui-unicorn) ncurses shellcode/instructions tester using unicorn-engine
- [**8** stars][3y] [Py] [breaktoprotect/shellcarver](https://github.com/breaktoprotect/shellcarver) Carves shellcode in memory using a restricted character set. A manual version of msfvenom -b
- [**8** stars][5y] [hoainam1989/shellcode](https://github.com/hoainam1989/shellcode) Tut for making Linux Shellcode
- [**7** stars][3y] [Assembly] [mortenschenk/acl_edit](https://github.com/mortenschenk/acl_edit) Assembly code to use for Windows kernel shellcode to edit winlogon.exe ACL
- [**7** stars][11m] [C] [lnslbrty/bufflow](https://github.com/lnslbrty/bufflow) A collection of security related code examples e.g. a buffer overflow including an exploit, crypters, shellcodes and more.
- [**6** stars][3y] [C] [degrigis/exploitation](https://github.com/degrigis/exploitation) Repo for various exploitation utilities/PoC/Shellcodes/CTF solutions
- [**6** stars][11m] [Assembly] [govolution/win32shellcode](https://github.com/govolution/win32shellcode)
- [**4** stars][4y] [Assembly] [theevilbit/shellcode](https://github.com/theevilbit/shellcode) Some random shellcodes I created
- [**2** stars][5y] [Assembly] [govolution/moreshellcode](https://github.com/govolution/moreshellcode)
- [**2** stars][2y] [hamza-megahed/shellcode](https://github.com/hamza-megahed/shellcode) Linux/x86 Shellcodes
- [**1** star][2y] [orf53975/rig-exploit-for-cve-2018-8174](https://github.com/orf53975/rig-exploit-for-cve-2018-8174) Rig Exploit for CVE-2018-8174 As with its previous campaigns, Rig’s Seamless campaign uses malvertising. In this case, the malvertisements have a hidden iframe that redirects victims to Rig’s landing page, which includes an exploit for CVE-2018-8174 and shellcode. This enables remote code execution of the shellcode obfuscated in the landing page…
- [**1** star][3y] [Ruby] [shayanzare/obj2shellcode](https://github.com/shayanzare/obj2shellcode) Objdump to ShellCode
- [**1** star][6y] [Assembly] [stephenbradshaw/shellcode](https://github.com/stephenbradshaw/shellcode) Various shell code I have written
- [**1** star][6m] [Assembly] [push4d/shellcode-alfanumerico---spawn-bin-sh-elf-x86-](https://github.com/push4d/shellcode-alfanumerico---spawn-bin-sh-elf-x86-) PoC alphanumeric shellcode (digits and letters only, upper and lower case) to spawn /bin/sh, ELF x86
- [**1** star][10y] [Assembly] [skylined/w32-bind-ngs-shellcode](https://github.com/skylined/w32-bind-ngs-shellcode) Automatically exported from code.google.com/p/w32-bind-ngs-shellcode
- [**0** stars][2y] [Assembly] [felixzhang00/shellcode_example](https://github.com/felixzhang00/shellcode_example)
- [**0** stars][2y] [Py] [orangepirate/cve-2018-9948-9958-exp](https://github.com/orangepirate/cve-2018-9948-9958-exp) an exp for cve-2018-9948/9958, current shellcode called win-calc
- [**0** stars][5y] [C] [quantumvm/forkshellcode](https://github.com/quantumvm/forkshellcode) Runs an executable and forks shellcode.
- [**0** stars][4y] [Makefile] [sh3llc0d3r1337/slae32-polymorphic-shellcodes](https://github.com/sh3llc0d3r1337/slae32-polymorphic-shellcodes) SLAE32 Assignment #6 - Polymorphic shellcodes
- [**0** stars][5y] [Py] [wjlandryiii/shellcode](https://github.com/wjlandryiii/shellcode) my shellcode

### Other

- [**2425** stars][2y] [Py] [secretsquirrel/the-backdoor-factory](https://github.com/secretsquirrel/the-backdoor-factory) Patches PE, ELF, and Mach-O binaries with shellcode backdoors
- [**2209** stars][1m] [Py] [trustedsec/unicorn](https://github.com/trustedsec/unicorn) Injects shellcode directly into memory via a PowerShell downgrade attack
- [**664** stars][1y] [Rust] [endgameinc/xori](https://github.com/endgameinc/xori) Automated disassembly and static analysis library for PE32, 32+, and shellcode
- [**470** stars][3y] [Py] [trustedsec/meterssh](https://github.com/trustedsec/meterssh) Injects shellcode into memory, then tunnels it over SSH (on any port, disguised as a normal SSH connection)
- [**430** stars][2m] [C] [hasherezade/hollows_hunter](https://github.com/hasherezade/hollows_hunter) Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
- [**225** stars][1m] [PS] [outflanknl/excel4-dcom](https://github.com/outflanknl/excel4-dcom) PowerShell and Cobalt Strike scripts for lateral movement by executing Excel 4.0/XLM macros via DCOM (injects shellcode directly into Excel.exe)

***

## Articles

### Recently Added

- 2020.02 [3gstudent] [Executing Shellcode via Mono (a Cross-Platform .NET Runtime)](https://3gstudent.github.io/3gstudent.github.io/%E9%80%9A%E8%BF%87Mono(%E8%B7%A8%E5%B9%B3%E5%8F%B0.NET%E8%BF%90%E8%A1%8C%E7%8E%AF%E5%A2%83)%E6%89%A7%E8%A1%8Cshellcode/)
- 2020.02 [3gstudent] [Analysis of Executing Shellcode via the Boolang Language](https://3gstudent.github.io/3gstudent.github.io/%E9%80%9A%E8%BF%87Boolang%E8%AF%AD%E8%A8%80%E6%89%A7%E8%A1%8Cshellcode%E7%9A%84%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90/)
- 2019.12 [johnlatwc] [Early Security Stories — Green Shellcode Contest](https://medium.com/p/c9aa151b441c)
- 2019.11 [aliyun] [The Art of Shellcode](https://xz.aliyun.com/t/6645)
- 2019.08 [osandamalith] [Running Shellcode Directly in C](https://osandamalith.com/2019/08/27/running-shellcode-directly-in-c/)
- 2019.08 [code610] [ret2shellcode challenge](https://code610.blogspot.com/2019/08/ret2shellcode-challenge.html)
- 2019.08 [sentinelone] [Malicious Input: How Hackers Use Shellcode](https://www.sentinelone.com/blog/malicious-input-how-hackers-use-shellcode/)
- 2019.07 [pcsxcetrasupport3] [Those Pesky Powershell Shellcode’s And How To Understand Them](https://pcsxcetrasupport3.wordpress.com/2019/07/07/those-pesky-powershell-shellcodes-and-how-to-understand-them/)
- 2019.07 [gironsec] [A Shellcode Idea](https://www.gironsec.com/blog/2019/07/a-shellcode-idea/)
- 2019.06 [gironsec] [Expiring Shellcode update](https://www.gironsec.com/blog/2019/06/expiring-shellcode-update/)
- 2019.05 [X0x0FFB347] [Solving MalwareTech Shellcode challenges with some radare2 magic!](https://medium.com/p/b91c85babe4b)
- 2019.05 [osandamalith] [Shellcode to Dump the Lsass Process](https://osandamalith.com/2019/05/11/shellcode-to-dump-the-lsass-process/)
- 2019.03 [vkremez] [Let's Learn: Dissecting Operation ShadowHammer Shellcode Internals in crt_ExitProcess](https://www.vkremez.com/2019/03/lets-learn-dissecting-operation.html)
- 2019.03 [X0x0FFB347] [A Trinity of Shellcode, AES & Go](https://medium.com/p/f6cec854f992)
- 2019.03 [BorjaMerino] [One-Way Shellcode for firewall evasion using Out Of Band data](https://www.youtube.com/watch?v=wbG7M_Z7GRk)
- 2019.03 [shelliscoming] [One-Way Shellcode for firewall evasion using Out Of Band data](https://www.shelliscoming.com/2019/03/one-way-shellcode-for-firewall-evasion.html)
- 2019.03 [pcsxcetrasupport3] [A look at a bmp file with embedded shellcode](https://pcsxcetrasupport3.wordpress.com/2019/03/02/a-look-at-a-bmp-file-with-embedded-shellcode/)
- 2019.01 [fuzzysecurity] [FreeFloat FTP (custom shellcode)](http://fuzzysecurity.com/exploits/12.html)
- 2019.01 [fuzzysecurity] [Windows XP PRO SP3 - Full ROP calc shellcode](http://fuzzysecurity.com/exploits/ropshell2.html)
- 2019.01 [micropoor] [Micropoor_shellcode for payload backdoor](https://micropoor.blogspot.com/2019/01/micropoorshellcode-for-payload-backdoor.html)
- 2019.01 [ironcastle] [Maldoc with Nonfunctional Shellcode, (Wed, Jan 2nd)](https://www.ironcastle.net/maldoc-with-nonfunctional-shellcode-wed-jan-2nd/)
- 2019.01 [sans] [Maldoc with Nonfunctional Shellcode](https://isc.sans.edu/forums/diary/Maldoc+with+Nonfunctional+Shellcode/24478/)
- 2018.11 [MalwareTech] [Beginner Reversing #3 (Shellcode2 & Lab Overview)](https://www.youtube.com/watch?v=jm4DmdygLvw)
- 2018.10 [MalwareTech] [Beginner Reversing #2 (Shellcode1 & MEMZ Malware)](https://www.youtube.com/watch?v=b0WQwCQGjv4)
- 2018.10 [doyler] [Custom Shellcode Crypter – SLAE Exam Assignment #7](https://www.doyler.net/security-not-included/custom-shellcode-crypter)
- 2018.09 [doyler] [Polymorphic Shellcode – SLAE Exam Assignment #6](https://www.doyler.net/security-not-included/polymorphic-shellcode)
- 2018.09 [malwarenailed] [Reversing shellcode using blobrunner and Olly](http://malwarenailed.blogspot.com/2018/09/reversing-shellcode-using-blobrunner.html)
- 2018.08 [secist] [MMFML-powershell-shellcode](http://www.secist.com/archives/7055.html)
- 2018.08 [doyler] [Shellcode Encoding – Random Bytewise XOR (SLAE Exam #4)](https://www.doyler.net/security-not-included/shellcode-encoding-random-bytewise-xor)
- 2018.08 [nightst0rm] [Ramblings on editing Metasploit's shellcode](https://medium.com/p/8b8992ebbf39)
- 2018.08 [trendmicro] [Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode](https://blog.trendmicro.com/trendlabs-security-intelligence/use-after-free-uaf-vulnerability-cve-2018-8373-in-vbscript-engine-affects-internet-explorer-to-run-shellcode/)
- 2018.08 [doyler] [Egg Hunter Shellcode – SLAE Exam Assignment #3](https://www.doyler.net/security-not-included/egg-hunter-shellcode)
- 2018.07 [doyler] [Shell Reverse TCP Shellcode – SLAE Exam Assignment #2](https://www.doyler.net/security-not-included/shell-reverse-tcp-shellcode)
- 2018.07 [doyler] [Shell Bind TCP Shellcode – SLAE Exam Assignment #1](https://www.doyler.net/security-not-included/shell-bind-tcp-shellcode)
- 2018.06 [pediy] [[Original] Implementing a shellcode extraction template on Windows](https://bbs.pediy.com/thread-229398.htm)
- 2018.06 [doyler] [Hello World Shellcode – Now for the fun part!](https://www.doyler.net/security-not-included/hello-world-shellcode)
- 2018.06 [shelliscoming] [Windows reuse shellcode based on socket's lifetime](https://www.shelliscoming.com/2018/06/windows-reuse-shellcode-based-on.html)
- 2018.05 [aliyun] [Testing the shellcode needed in the overflow process](https://xz.aliyun.com/t/2349)
- 2018.05 [pentestingexperts] [smap: Shellcode mapper](http://www.pentestingexperts.com/smap-shellcode-mapper-2/)
- 2018.05 [rapid7] [Hiding Metasploit Shellcode to Evade Windows Defender Detection](https://blog.rapid7.com/2018/05/03/hiding-metasploit-shellcode-to-evade-windows-defender/)
- 2018.04 [sploitspren] [Linux x86 Polymorphic Shellcode](https://www.sploitspren.com/2018-04-20-Linux-x86-Polymorphic-Shellcode/)
- 2018.04 [sploitspren] [Linux x86 Polymorphic Shellcode](https://www.absolomb.com/2018-04-20-Linux-x86-Polymorphic-Shellcode/)
- 2018.04 [venus] [Cisco ios shellcode: all-in-one (translation)](https://paper.seebug.org/569/)
- 2018.04 [aliyun] [Coding art in shellcode(3)](https://xz.aliyun.com/t/2245)
- 2018.04 [aliyun] [Coding art in shellcode(2)](https://xz.aliyun.com/t/2244)
- 2018.04 [aliyun] [Coding art in shellcode(1)](https://xz.aliyun.com/t/2243)
- 2018.02 [360] [Research on Windows (x86 and x64) Shellcode Techniques](https://www.anquanke.com/post/id/97601/)
- 2018.01 [trackwatch] [Improving custom shellcode detection](http://trackwatch.com/improving-custom-shellcode-detection/)
- 2017.12 [OALabs] [Debugging shellcode using BlobRunner and IDA Pro](https://www.youtube.com/watch?v=q9q8dy-2Jeg)
- 2017.11 [360] [Egg Hunting: a very short shellcode](https://www.anquanke.com/post/id/87321/)
- 2017.11 [modexp] [A tweetable x86 Windows reverse shell](https://modexp.wordpress.com/2017/11/16/tweetable-shellcode-windows/)
- 2017.11 [trackwatch] [[CODEBREAKER] Presentation of encoded shellcode detection on GATEWATCHER on Windows Server 2008 R2 (Version 2.X minimum)](http://trackwatch.com/codebreaker-presentation-de-la-detection-des-shellcodes-encodes-sur-gatewatcher-sur-windows-server-2008-r2-version-2-x-minimum/)
- 2017.11 [mediaservice] [A patch for PowerSploit’s Invoke-Shellcode.ps1](https://techblog.mediaservice.net/2017/11/a-patch-for-powersploits-invoke-shellcode-ps1/)
- 2017.10 [freebuf] [Using the TEB structure to make ShellCode universal](http://www.freebuf.com/articles/system/150474.html)
- 2017.10 [trackwatch] [[CODEBREAKER] Presentation of encoded shellcode detection on GATEWATCHER on Linux (Version 2.X minimum)](http://trackwatch.com/codebreaker-presentation-de-la-detection-des-shellcodes-encodes-sur-gatewatcher-sur-linux-version-2-x-minimum/)
- 2017.10 [trackwatch] [[CODEBREAKER] Presentation of custom non-encoded shellcode detection on GATEWATCHER on Windows XP (Version 2.5 minimum)](http://trackwatch.com/codebreaker-presentation-de-la-detection-des-shellcodes-custom-non-encodes-sur-gatewatcher-sur-windows-xp-version-2-5-minimum/)
- 2017.09 [aliyun] [An unconventional way to use shellcode](https://xz.aliyun.com/t/56)
- 2017.08 [360] [HITB GSEC CTF Win Pwn full write-up: babyshellcode](https://www.anquanke.com/post/id/86717/)
- 2017.08 [venus] [HITB GSEC CTF Win Pwn full write-up: babyshellcode](https://paper.seebug.org/378/)
- 2017.08 [360] [Identifying malicious code related to targeted attacks (APT) through shellcode clustering](https://www.anquanke.com/post/id/86700/)
- 2017.08 [vkremez] [Let's Learn: Preparing Shellcode in NASM](https://www.vkremez.com/2017/08/preparing-shellcode-in-nasm.html)
- 2017.08 [4hou] [How to use a block cipher to encrypt the Windows API strings in shellcode](http://www.4hou.com/info/news/7070.html)
- 2017.07 [ColinHardy] [Extract Shellcode from Fileless Malware like a Pro](https://www.youtube.com/watch?v=jbieGfML0Bs)
- 2017.06 [modexp] [Shellcode: The hunt for GetProcAddress](https://modexp.wordpress.com/2017/06/21/shellcode-getprocaddress/)
- 2017.06 [nsfocus] [A step-by-step simple shellcode implementation with detailed explanation](http://blog.nsfocus.net/simple-realization-hand-handle-shellcode-detailed-explanation/)
- 2017.06 [pediy] [[Translation] Shellcode: x86 optimization, part 1](https://bbs.pediy.com/thread-218410.htm)
- 2017.06 [modexp] [Shellcode: x86 optimizations (part 1). Part 1 covers four topics: declaring and initializing variables/registers, testing the values of variables/registers, conditional jumps and control flow, and character conversion](https://modexp.wordpress.com/2017/06/07/x86-trix-one/)
- 2017.05 [secist] [Introduction to ShellCode (extracting ShellCode)](http://www.secist.com/archives/3538.html)
- 2017.05 [secist] [Adding ShellCode to an arbitrary program](http://www.secist.com/archives/3472.html)
- 2017.05 [abatchy] [Linux/x86 - Disable ASLR Shellcode (71 bytes)](http://www.abatchy.com/2017/05/linuxx86-disable-aslr-shellcode-71-bytes)
- 2017.04 [abatchy] [Shellcode reduction tips (x86)](http://www.abatchy.com/2017/04/shellcode-reduction-tips-x86)
- 2017.03 [pediy] [[Original][Shellcode framework (1)] Getting to know shellcode and deploying an open shellcode framework](https://bbs.pediy.com/thread-216608.htm)
- 2017.03 [360] [Exploring Windows Kernel Shellcode on Windows 10 (Part 4)](https://www.anquanke.com/post/id/85770/)
- 2017.03 [improsec] [Windows Kernel Shellcode on Windows 10 – Part 4 - There is No Code](https://improsec.com/blog/windows-kernel-shellcode-on-windows-10-part-4-there-is-no-code)
- 2017.03 [360] [Exploring Windows Kernel Shellcode on Windows 10 (Part 3)](https://www.anquanke.com/post/id/85735/)
- 2017.03 [360] [Intelligent IDS evasion: RSA asymmetric polymorphic SHELLCODE](https://www.anquanke.com/post/id/85711/)
- 2017.03 [4hou] [Windows Shellcode study notes: extracting and testing shellcode](http://www.4hou.com/technology/3623.html)
- 2017.03 [improsec] [Windows Kernel Shellcode on Windows 10 – Part 3](https://improsec.com/blog/windows-kernel-shellcode-on-windows-10-part-3)
- 2017.03 [360] [Exploring Windows Kernel Shellcode on Windows 10 (Part 2)](https://www.anquanke.com/post/id/85669/)
- 2017.03 [360] [Exploring Windows Kernel Shellcode on Windows 10 (Part 1)](https://www.anquanke.com/post/id/85666/)
- 2017.03 [360] [The art of anti-detection, part 3: shellcode alchemy](https://www.anquanke.com/post/id/85648/)
- 2017.03 [4hou] [Windows Shellcode study notes: using and optimizing jmp esp in stack overflows](http://www.4hou.com/technology/3655.html)
- 2017.03 [improsec] [Windows Kernel Shellcode on Windows 10 – Part 2](https://improsec.com/blog/windows-kernel-shellcode-on-windows-10-part-2)
- 2017.03 [4hou] [Windows Shellcode study notes: using and optimizing shellcode in stack overflows](http://www.4hou.com/technology/3654.html)
- 2017.03 [3gstudent] [Windows Shellcode study notes: using and optimizing jmp esp in stack overflows](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-%E6%A0%88%E6%BA%A2%E5%87%BA%E4%B8%AD%E5%AF%B9jmp-esp%E7%9A%84%E5%88%A9%E7%94%A8%E4%B8%8E%E4%BC%98%E5%8C%96/)
- 2017.03 [osandamalith] [Shellcode to Scroll your Desktop Vertically and Horizontally](https://osandamalith.com/2017/03/02/shellcode-to-scroll-your-desktop-vertically-and-horizontally/)
- 2017.03 [pediy] [[Original] PE2Shellcode](https://bbs.pediy.com/thread-216034.htm)
- 2017.02 [osandamalith] [Shellcode to Scroll Your Desktop Horizontally](https://osandamalith.com/2017/02/28/shellcode-to-scroll-your-desktop-horizontally/)
- 2017.02 [osandamalith] [Shellcode to Invert Colors](https://osandamalith.com/2017/02/28/shellcode-to-invert-colors/)
- 2017.02 [improsec] [Windows Kernel Shellcode on Windows 10 – Part 1](https://improsec.com/blog/windows-kernel-shellcode-on-windows-10-part-1)
- 2017.02 [n0where] [Shellcode Builder: Shell Factory](https://n0where.net/shellcode-builder-shell-factory)
- 2017.02 [3gstudent] [Windows Shellcode study notes: using and optimizing shellcode in stack overflows](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-shellcode%E5%9C%A8%E6%A0%88%E6%BA%A2%E5%87%BA%E4%B8%AD%E7%9A%84%E5%88%A9%E7%94%A8%E4%B8%8E%E4%BC%98%E5%8C%96/)
- 2017.02 [csyssec] [X86 Shellcode code obfuscation (1)](http://www.csyssec.org/20170223/obfuscation1/)
- 2017.02 [modexp] [Shellcode: Dual Mode (x86 + amd64) Linux shellcode](https://modexp.wordpress.com/2017/02/20/shellcode-linux-x84/)
- 2017.02 [3gstudent] [Windows Shellcode study notes: extracting and testing shellcode](https://3gstudent.github.io/3gstudent.github.io/Windows-Shellcode%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0-shellcode%E7%9A%84%E6%8F%90%E5%8F%96%E4%B8%8E%E6%B5%8B%E8%AF%95/)
- 2017.01 [modexp] [Shellcode: Dual mode PIC for x86 (Reverse and Bind Shells for Windows)](https://modexp.wordpress.com/2017/01/24/shellcode-x84/)
- 2017.01 [modexp] [Shellcode: Solaris x86](https://modexp.wordpress.com/2017/01/23/shellcode-solaris/)
- 2017.01 [modexp] [Shellcode: Mac OSX amd64](https://modexp.wordpress.com/2017/01/21/shellcode-osx/)
- 2017.01 [modexp] [Shellcode: Resolving API addresses in memory](https://modexp.wordpress.com/2017/01/15/shellcode-resolving-api-addresses/)
- 2017.01 [360] [Remote exploitation: shellcode that needs no socket](https://www.anquanke.com/post/id/85306/)
- 2016.12 [360] [NC backdoor technique (shellcode version)](https://www.anquanke.com/post/id/85216/)
- 2016.12 [modexp] [Shellcode: A Windows PIC using RSA-2048 key exchange, AES-256, SHA-3](https://modexp.wordpress.com/2016/12/26/windows-pic/)
- 2016.12 [360] [Using PLCs as a payload/shellcode distribution system (with demo video)](https://www.anquanke.com/post/id/85159/)
- 2016.12 [hexacorn] [Shellcode. I’ll Call you back.](http://www.hexacorn.com/blog/2016/12/17/shellcode-ill-call-you-back/)
- 2016.12 [shelliscoming] [Modbus Stager: Using PLCs as a payload/shellcode distribution system](http://www.shelliscoming.com/2016/12/modbus-stager-using-plcs-as.html)
- 2016.12 [venus] [Shellcode Compiler - an easy-to-use Shellcode compilation tool](https://paper.seebug.org/134/)
- 2016.11 [dist67] [VBA Shellcode To Test EMET](https://www.youtube.com/watch?v=ACmcFanE658)
- 2016.11 [sans] [VBA Shellcode and EMET](https://isc.sans.edu/forums/diary/VBA+Shellcode+and+EMET/21705/)
- 2016.11 [msreverseengineering] [Synesthesia: Modern Shellcode Synthesis (Ekoparty 2016 Talk)](http://www.msreverseengineering.com/blog/2016/11/8/synesthesia-modern-shellcode-synthesis-ekoparty-2016-talk)
- 2016.10 [360] [A brief discussion of ASLR and Shellcode](https://www.anquanke.com/post/id/84747/)
- 2016.09 [dist67] [Maldoc VBA: Shellcode](https://www.youtube.com/watch?v=EJMkK05-Q1o)
- 2016.09 [3gstudent] [Study Notes Weekly No.2(Shellcode Via JScript & VBScript)](https://3gstudent.github.io/3gstudent.github.io/Study-Notes-Weekly-No.2(Shellcode-Via-JScript-&-VBScript)/)
- 2016.08 [paloaltonetworks] [VB Dropper and Shellcode for Hancitor Reveal New Techniques Behi](https://unit42.paloaltonetworks.com/unit42-vb-dropper-and-shellcode-for-hancitor-reveal-new-techniques-behind-uptick/)
- 2016.08 [uaf] [openCTF 2016 - tyro_shellcode2](http://uaf.io/exploitation/2016/08/05/openCTF-tyro_shellcode2.html)
- 2016.08 [uaf] [openCTF 2016 - tyro_shellcode](http://uaf.io/exploitation/2016/08/05/openCTF-tyro_shellcode.html)
- 2016.08 [osandamalith] [Making your Shellcode Undetectable using .NET](https://osandamalith.com/2016/08/01/making-your-shellcode-undetectable-using-net/)
- 2016.07 [sizzop] [Kernel Hacking With HEVD Part 3 - The Shellcode](https://sizzop.github.io/2016/07/07/kernel-hacking-with-hevd-part-3.html)
- 2016.06 [breakdev] [X86 Shellcode Obfuscation - Part 3](https://breakdev.org/x86-shellcode-obfuscation-part-3/)
- 2016.06 [paraschetal] [Gracker level7 (Ghost in the Shellcode!)](https://paraschetal.in/gracker-level07)
- 2016.06 [mcafee] [Threat Actors Employ COM Technology in Shellcode to Evade Detection](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/threat-actors-employ-com-technology-shellcode-evade-detection/)
- 2016.06 [mcafee] [Threat Actors Employ COM Technology in Shellcode to Evade Detection](https://securingtomorrow.mcafee.com/mcafee-labs/threat-actors-employ-com-technology-shellcode-evade-detection/)
- 2016.06 [modexp] [Shellcode: Detection between Windows/Linux/BSD on x86 architecture](https://modexp.wordpress.com/2016/06/02/shellcode-detection/)
- 2016.05 [angelalonso] [Malicious Excel documents with macros running shellcodes](http://blog.angelalonso.es/2016/05/malicious-excel-documents-vba-running.html)
- 2016.05 [hackingarticles] [Hack Remote Windows 10 PC using Cypher (Adding Shellcode to PE files)](http://www.hackingarticles.in/hack-remote-windows-10-pc-using-cypher-adding-shellcode-pe-files/)
- 2016.05 [breakdev] [X86 Shellcode Obfuscation - Part 2](https://breakdev.org/x86-shellcode-obfuscation-part-2/)
- 2016.05 [breakdev] [X86 Shellcode Obfuscation - Part 1](https://breakdev.org/x86-shellcode-obfuscation-part-1/)
- 2016.04 [paraschetal] [OWASP ZCR Shellcoder](https://paraschetal.in/owasp-zsc)
- 2016.04 [modexp] [Shellcode: FreeBSD / OpenBSD amd64](https://modexp.wordpress.com/2016/04/03/x64-shellcodes-bsd/)
- 2016.03 [modexp] [Shellcode: Linux amd64](https://modexp.wordpress.com/2016/03/31/x64-shellcodes-linux/)
- 2016.02 [ZeroNights] [George Nosenko — Cisco IOS shellcode — all-in-one](https://www.youtube.com/watch?v=T1_TvqtO6y0)
- 2016.02 [freebuf] [OWASP ZSC Shellcoder: build your own custom Shellcode](http://www.freebuf.com/sectool/95250.html)
- 2015.11 [pediy] [[Original] I'm also posting reverse_bind shellcode code I wrote myself](https://bbs.pediy.com/thread-206152.htm)
- 2015.11 [autohacker] [Android Shellcode Telnetd with Parameters](https://blog.csdn.net/autohacker/article/details/49838391)
- 2015.09 [ly0n] [Windows bind shell universal shellcode](http://ly0n.me/2015/09/26/windows-bind-shell-universal-shellcode/)
- 2015.09 [ly0n] [Windows bind shell universal shellcode](https://paumunoz.tech/2015/09/26/windows-bind-shell-universal-shellcode/)
- 2015.09 [theevilbit] [Creating OSX shellcodes](http://theevilbit.blogspot.com/2015/09/creating-osx-shellcodes.html)
- 2015.09 [bigendiansmalls] [Bind Shell – shellcode and source](https://www.bigendiansmalls.com/bind-shell-shellcode-and-source/)
- 2015.08 [ly0n] [Windows reverse shell universal shellcode](http://ly0n.me/2015/08/29/windows-reverse-shell-universal-shellcode/)
- 2015.08 [ly0n] [Windows reverse shell universal shellcode](https://paumunoz.tech/2015/08/29/windows-reverse-shell-universal-shellcode/)
- 2015.08 [ly0n] [WinExec calc.exe universal shellcode](http://ly0n.me/2015/08/21/winexec-calc-exe-universal-shellcode/)
- 2015.08 [ly0n] [WinExec calc.exe universal shellcode](https://paumunoz.tech/2015/08/21/winexec-calc-exe-universal-shellcode/)
- 2015.08 [n0where] [OWASP ZeroDay Cyber Research Shellcoder](https://n0where.net/owasp-zeroday-cyber-research-shellcoder)
- 2015.07 [bigendiansmalls] [Shellcode Freebie!](https://www.bigendiansmalls.com/shellcode-freebie/)
- 2015.07 [bigendiansmalls] [Mainframe shellcode](https://www.bigendiansmalls.com/mainframe-shellcode/)
- 2015.06 [sans] [Detecting Shellcode Hidden in Malicious Files](https://digital-forensics.sans.org/blog/2015/06/28/detecting-shellcode)
- 2015.06 [tophertimzen] [Shellcode Techniques in C++](https://www.tophertimzen.com/blog/shellcodeTechniquesCPP/)
- 2015.04 [govolution] [Shifting from 32bit to 64bit Linux Shellcode](https://govolution.wordpress.com/2015/04/21/shifting-from-32bit-to-64bit-linux-shellcode/)
- 2015.04 [govolution] [Dumping shellcode 64bit style](https://govolution.wordpress.com/2015/04/18/dumping-shellcode-64bit-style/)
- 2015.04 [tophertimzen] [Shellcode in .NET - How the PEB Changes](https://www.tophertimzen.com/blog/shellcodeDotNetPEB/)
- 2015.03 [osandamalith] [Running Shellcode in your Raspberry Pi](https://osandamalith.com/2015/03/05/running-shellcode-in-your-rasbperry-pi/)
- 2014.12 [sans] [Examining Shellcode in a Debugger through Control of the Instruction Pointer](https://digital-forensics.sans.org/blog/2014/12/30/taking-control-of-the-instruction-pointer)
- 2014.12 [zerosum0x0] [x64 Egg-Hunter Shellcode Stager](https://zerosum0x0.blogspot.com/2014/12/x64-egg-hunter-shellcode.html)
- 2014.12 [zerosum0x0] [x64 Linux Polymorphic execve() shellcode](https://zerosum0x0.blogspot.com/2014/12/there-are-many-versions-of-execve.html)
- 2014.12 [zerosum0x0] [x64 Shellcode One-Time Pad Crypter](https://zerosum0x0.blogspot.com/2014/12/x64-one-time-pad-shellcode-crypter.html)
- 2014.12 [zerosum0x0] [x64 Linux Polymorphic forkbomb shellcode](https://zerosum0x0.blogspot.com/2014/12/on-shell-storm-there-is-simple-7-byte.html)
- 2014.12 [zerosum0x0] [x64 Linux Polymorphic read file shellcode](https://zerosum0x0.blogspot.com/2014/12/x64-linux-polymorphic-read-file.html)
- 2014.12 [zerosum0x0] [x64 Linux reverse TCP connect shellcode (75 to 83 bytes, 88 to 96 with password)](https://zerosum0x0.blogspot.com/2014/12/x64-linux-reverse-tcp-connect-shellcode.html)
- 2014.12 [zerosum0x0] [x64 Linux bind TCP port shellcode (80 bytes, 95 with password)](https://zerosum0x0.blogspot.com/2014/12/x64-linux-bind-shellcode-81-bytes-96.html)
- 2014.12 [nebelwelt] [Ghost in the Shellcode Teaser 2015: Lost To Time](http://nebelwelt.net/blog/20141213-GitS-LostToTime.html)
- 2014.12 [tophertimzen] [Guide to writing Windows x64 shellcode](https://www.tophertimzen.com/blog/windowsx64Shellcode/)
- 2014.11 [pediy] [[Original] The smallest-ever relocation-free "disk-format" ShellCode](https://bbs.pediy.com/thread-194664.htm)
- 2014.11 [sans] [Guest Diary: Didier Stevens - Shellcode Detection with XORSearch](https://isc.sans.edu/forums/diary/Guest+Diary+Didier+Stevens+Shellcode+Detection+with+XORSearch/18929/)
- 2014.10 [MarcusNiemietz] [Svetlana Gaivoronski - Shellcode detection techniques](https://www.youtube.com/watch?v=bbzH-y93hq0)
- 2014.09 [pediy] [[Original] Assembly code reconstructed from a generic shellcode](https://bbs.pediy.com/thread-192293.htm)
- 2014.07 [govolution] [Shellcode Binder for Windows 64 Bit](https://govolution.wordpress.com/2014/07/26/shellcode-binder-for-windows-64-bit/)
- 2014.07 [osandamalith] [shutdown -h now Shellcode](https://osandamalith.com/2014/07/03/shutdown-h-now-shellcode/)
- 2014.06 [osandamalith] [Chmod 0777 Polymorphic Shellcode](https://osandamalith.com/2014/06/24/chmod-0777-polymorphic-shellcode/)
- 2014.05 [parsiya] [Pasting Shellcode in GDB using Python](https://parsiya.net/blog/2014-05-25-pasting-shellcode-in-gdb-using-python/)
- 2014.04 [skullsecurity] [Ghost in the Shellcode: fuzzy (Pwnage 301)](https://blog.skullsecurity.org/2014/ghost-in-the-shellcode-fuzzy-pwnage-301)
- 2014.03 [] [Two shellcodes and a bit of code](http://0x90909090.blogspot.com/2014/03/two-shellcodes-and-bit-of-code.html)
- 2014.03 [zairon] [Obfuscated shellcode inside a malicious RTF document](https://zairon.wordpress.com/2014/03/06/obfuscated-shellcode-inside-a-malicious-rtf-document/)
- 2014.02 [freebuf] [Further optimizing Windows Shellcode in C](http://www.freebuf.com/articles/system/27122.html)
- 2014.02 [rapid7] [Shellcode Golf: Every Byte is Sacred](https://blog.rapid7.com/2014/02/14/shellcode-golf/)
- 2014.02 [govolution] [Shellcode for deleting a file](https://govolution.wordpress.com/2014/02/11/shellcode-for-deleting-a-file/)
- 2014.01 [govolution] [SLAE: Shellcode read and send file](https://govolution.wordpress.com/2014/01/28/slae-shellcode-read-and-send-file/)
- 2014.01 [skullsecurity] [Ghost in the Shellcode: gitsmsg (Pwnage 299)](https://blog.skullsecurity.org/2014/ghost-in-the-shellcode-gitsmsg-pwnage-299)
- 2014.01 [govolution] [SLAE Assignment 6: Polymorphic Shellcode](https://govolution.wordpress.com/2014/01/26/slae-assignment-6-polymorphic-shellcode/)
- 2014.01 [skullsecurity] [Ghost in the Shellcode: TI-1337 (Pwnable 100)](https://blog.skullsecurity.org/2014/ghost-in-the-shellcode-ti-1337-pwnable-100)
- 2014.01 [pediy] [[Original] Revealing how a function in "shellcoder's handbook" works](https://bbs.pediy.com/thread-183257.htm)
- 2013.12 [pediy] [[Original] A shellcode version of hello world](https://bbs.pediy.com/thread-182964.htm)
- 2013.12 [anti] [A Shellter for your shellcode…](http://www.anti-reversing.com/1257/)
- 2013.12 [pediy] [[Original] Revisiting an old book: 0day2[5] shellcode metamorphosis](https://bbs.pediy.com/thread-182551.htm)
- 2013.11 [infosec42] [[Shellcode] MIPS Little Endian Reverse Shell Shellcode (Linux)](http://infosec42.blogspot.com/2013/11/shellcode-mips-little-endian-reverse.html)
- 2013.08 [v0ids3curity] [Stdin reopen & execve /bin/sh shellcode for Linux/x86_64](https://www.voidsecurity.in/2013/08/stdin-reopen-execve-binsh-shellcode-for.html)
- 2013.07 [infosec42] [[Shellcode] MIPS Little Endian system() Shellcode](http://infosec42.blogspot.com/2013/07/shellcode-mips-little-endian-system.html)
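- 2013.06 [pediy] [[Original] Sharing a technical application of writing ShellCode in C: intercepting the Save menu of the system Notepad tool](https://bbs.pediy.com/thread-173634.htm)
- 2013.06 [pediy] [[Original] Sharing implementation source code for writing ShellCode in C](https://bbs.pediy.com/thread-173358.htm)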
- 2013.06 [jumpespjump] [One-liner to only get the shellcode from objdump](https://jumpespjump.blogspot.com/2013/06/only-getting-shellcode-from-objdump.html)
- 2013.04 [pediy] [[Original] A newcomer's short ShellCode summary, with a question for discussion](https://bbs.pediy.com/thread-170748.htm)
- 2013.03 [techorganic] [Binary to shellcode](https://blog.techorganic.com/2013/03/02/binary-to-shellcode/)
- 2013.02 [v0ids3curity] [Ghost In The Shellcode 2013 CTF - Pwnable 100 - Question 8 Shiftd [Team xbios]](https://www.voidsecurity.in/2013/02/ghost-in-shellcode-2013-ctf-pwnable-100.html)
- 2013.01 [pediy] [[Original] MAsM ShellCode macro framework user manual (CHM)](https://bbs.pediy.com/thread-160884.htm)
- 2012.11 [offensive] [Fun with AIX Shellcode and Metasploit](https://www.offensive-security.com/vulndev/aix-shellcode-metasploit/)
- 2012.11 [cawanblog] [Design and Implementation of Token Stealing Kernel Shellcode for Windows 8](http://cawanblog.blogspot.com/2012/11/design-and-implementation-of-token.html)
- 2012.11 [cawanblog] [How To Build A Kernel Shellcode Design and Testing Platform For Windows 8 By Using Windbg](http://cawanblog.blogspot.com/2012/11/how-to-build-kernel-shellcode-design_5.html)
- 2012.10 [pediy] [[Original] ShellCodeToAscii](https://bbs.pediy.com/thread-156913.htm)
- 2012.08 [pediy] [[Original] Shellcode In X64-3 Test Your Shellcode](https://bbs.pediy.com/thread-155371.htm)
- 2012.08 [pediy] [[Original] Shellcode In X64-2 Search Function using hash](https://bbs.pediy.com/thread-155341.htm)
- 2012.08 [pediy] [[Original] Shellcode In X64-1 Find Kernel32.dll](https://bbs.pediy.com/thread-155336.htm)
- 2012.08 [rsa] [Network detection of x86 buffer overflow shellcode](https://community.rsa.com/community/products/netwitness/blog/2012/08/22/network-detection-of-x86-buffer-overflow-shellcode)
- 2012.07 [magictong] [ShellCode debugging methods and solutions to common problems](https://blog.csdn.net/magictong/article/details/7768026)
- 2012.05 [pediy] [[Original] Learning to construct alphabetic shellcode too](https://bbs.pediy.com/thread-151251.htm)
- 2012.05 [joxeankoret] [Embedding a shellcode in a PE file](http://joxeankoret.com/blog/2012/05/06/embedding-a-shellcode-in-a-pe-file/)
- 2012.03 [] [Locating ShellCode in file-format vulnerabilities](http://www.91ri.org/2937.html)
- 2012.03 [sans] [Phishing with obfuscated javascript, shellcode and malware](https://isc.sans.edu/forums/diary/Phishing+with+obfuscated+javascript+shellcode+and+malware/12700/)
- 2012.01 [] [Linux/x86 Polymorphic ShellCode – setuid(0)+setgid(0)+add user ‘iph’ without password to /etc/passwd](http://www.91ri.org/2714.html)
- 2011.11 [pediy] [[Original] My first experience converting VC code to shellcode](https://bbs.pediy.com/thread-142657.htm)
- 2011.10 [dist67] [White Hat Shellcode Workshop: Enforcing Permanent DEP](https://www.youtube.com/watch?v=UUQz5JsWirI)
- 2011.08 [pediy] [[Original] A shellcode extraction plugin for OllyDgb](https://bbs.pediy.com/thread-138963.htm)
- 2011.06 [pediy] [[Help] Puzzling floating-point instructions encountered in shellcode](https://bbs.pediy.com/thread-135162.htm)
- 2011.04 [pediy] [[Original] Debugging the shellcode used by Dadong's JSXX 0.39 VIP](https://bbs.pediy.com/thread-132109.htm)
- 2011.03 [purehacking] [The Shellcode Lab - Black Hat Training Course](https://www.purehacking.com/blog/ty-miller/the-shellcode-lab-black-hat-training-course)
- 2011.01 [travisgoodspeed] [Generic CC1110 Sniffing, Shellcode, and iClickers](http://travisgoodspeed.blogspot.com/2011/01/generic-cc1110-sniffing-shellcode-and.html)
- 2010.12 [pediy] [[Original] A shellcode framework, purely for fun](https://bbs.pediy.com/thread-125853.htm)
- 2010.11 [e] [Hiding Shellcode in Plain Sight](http://e-omidfar.blogspot.com/2010/11/hiding-shellcode-in-plain-sight.html)
- 2010.09 [pediy] [[Original] Searching high and low: locating ShellCode in file-format vulnerabilities](https://bbs.pediy.com/thread-121045.htm)
- 2010.05 [pediy] [[Original] Alphabetic-only shellcode demystified](https://bbs.pediy.com/thread-113177.htm)
- 2010.04 [pediy] [[Original] Research on a combined virus based on shellcode infection](https://bbs.pediy.com/thread-110429.htm)
- 2010.03 [skullsecurity] [Weaponizing dnscat with shellcode and Metasploit](https://blog.skullsecurity.org/2010/weaponizing-dnscat-with-shellcode-and-metasploit)
- 2009.06 [heelan] [Morphing shellcode using CFGs and SAT](https://sean.heelan.io/2009/06/02/model-checking-smt-solving-and-morphing-shellcode/)
- 2009.05 [heelan] [Not all shellcode locations are made equal](https://sean.heelan.io/2009/05/13/not-all-shellcode-locations-are-made-equal/)
- 2009.03 [pediy] [[Share] Posting a MessageBox shellcode](https://bbs.pediy.com/thread-83968.htm)
- 2009.01 [pediy] [[Original] Rewriting a predecessor's shellcode (Delphi version)](https://bbs.pediy.com/thread-80819.htm)
- 2008.12 [edge] [Shellcode2Exe](http://edge-security.blogspot.com/2008/12/shellcode2exe.html)
- 2008.11 [pediy] [[Original] Building the simplest shellcode in assembly](https://bbs.pediy.com/thread-76204.htm)
- 2008.09 [pediy] [[Original] ShellCode Locator for IDA 5.2](https://bbs.pediy.com/thread-72947.htm)
- 2008.07 [pediy] [[Translation] SHELLCODE design demystified](https://bbs.pediy.com/thread-69385.htm)
- 2008.07 [pediy] [[Original] A 32-byte process-exit Shellcode](https://bbs.pediy.com/thread-68560.htm)
- 2008.07 [pediy] [[Original] Disassembly of the shellcode from a Word vulnerability exploit](https://bbs.pediy.com/thread-68102.htm)
- 2008.06 [pediy] [[Work submission] ShellCode helper tool](https://bbs.pediy.com/thread-66656.htm)
- 2008.05 [pediy] [[Original] Writing shellcode quickly and efficiently](https://bbs.pediy.com/thread-65309.htm)
- 2008.02 [pediy] [[Original] A little pondering on shellcode](https://bbs.pediy.com/thread-60338.htm)
- 2007.08 [pediy] [[Original] Solving stage 2, problem 1 without knowing shellcode at all](https://bbs.pediy.com/thread-50721.htm)
- 2007.03 [pediy] ["The Shellcoder's handbook", Chapter 19: Binary Auditing: Hacking Closed-Source Software](https://bbs.pediy.com/thread-40537.htm)
- 2007.02 [pediy] ["The Shellcoder's handbook", Chapter 18: Tracing Vulnerabilities](https://bbs.pediy.com/thread-40164.htm)
- 2007.02 [pediy] [[Note] Typos in "The Shellcoder's Handbook"](https://bbs.pediy.com/thread-39968.htm)
- 2007.02 [pediy] ["The Shellcoder's handbook", Chapter 17: Instrumented Investigation: A Manual Approach](https://bbs.pediy.com/thread-39775.htm)
- 2007.02 [pediy] ["The Shellcoder's handbook", Chapter 16: Source Code Auditing: Finding Vulnerabilities in C-Based Languages](https://bbs.pediy.com/thread-39586.htm)
- 2007.02 [pediy] ["The Shellcoder's handbook", Chapter 15: Fuzzing Techniques](https://bbs.pediy.com/thread-39220.htm)
- 2007.01 [pediy] ["The Shellcoder's handbook", Chapter 13: Establishing a Working Environment](https://bbs.pediy.com/thread-38324.htm)
- 2007.01 [pediy] ["The Shellcoder's handbook", Chapter 12: Breaking HP Tru64 Unix](https://bbs.pediy.com/thread-37937.htm)
- 2007.01 [pediy] ["The Shellcoder's handbook", Chapter 11: Advanced Solaris Exploitation](https://bbs.pediy.com/thread-37575.htm)
- 2007.01 [pediy] ["The Shellcoder's handbook", Chapter 10: Introduction to Solaris Exploitation](https://bbs.pediy.com/thread-37269.htm)
- 2006.12 [pediy] ["The Shellcoder's handbook", Chapter 9: Overcoming Filters](https://bbs.pediy.com/thread-36885.htm)
- 2006.12 [pediy] ["The Shellcoder's handbook", Chapter 8: Windows Overflows](https://bbs.pediy.com/thread-36535.htm)
- 2006.12 [pediy] [Take a look at the WINRAR overflow vulnerability: write a SHELLCODE and you can bundle a program [Note]](https://bbs.pediy.com/thread-36248.htm)
- 2006.12 [pediy] ["The Shellcoder's handbook", Chapter 7: Windows Shellcode](https://bbs.pediy.com/thread-36216.htm)
- 2006.12 [pediy] ["The Shellcoder's handbook": translation index and errata](https://bbs.pediy.com/thread-35849.htm)
- 2006.12 [pediy] ["The Shellcoder's handbook", Chapter 6: The Wild World of Windows](https://bbs.pediy.com/thread-35847.htm)
- 2006.11 [em386] [Sysenter shellcode](http://em386.blogspot.com/2006/11/sysenter-shellcode.html)
- 2006.11 [pediy] ["The Shellcoder's handbook", Chapter 5: Heap Overflows](https://bbs.pediy.com/thread-35165.htm)
- 2006.11 [pediy] ["The Shellcoder's handbook", Chapter 4: Format String Vulnerabilities](https://bbs.pediy.com/thread-34820.htm)
- 2006.11 [pediy] ["The Shellcoder's handbook", Chapter 3: Shellcode](https://bbs.pediy.com/thread-34433.htm)
- 2006.10 [pediy] ["The Shellcoder's handbook", Chapter 2: Stack Overflows](https://bbs.pediy.com/thread-33986.htm)
- 2006.10 [pediy] ["The Shellcoder's handbook", Chapter 1: Before You Begin](https://bbs.pediy.com/thread-33670.htm)
- 2006.10 [pediy] [[Original] A brief discussion of shellcoder](https://bbs.pediy.com/thread-33205.htm)
- 2006.04 [pediy] [[Original] Common ShellCode hash algorithms - BASM embedded in Delphi](https://bbs.pediy.com/thread-23563.htm)
- 2005.01 [pediy] [Shellcode and an example I wrote](https://bbs.pediy.com/thread-19294.htm)

# Contribution
The content is exported automatically by the system; if you find any problems, please open an issue.