Maybe combine it with AI and cyber, or go for deep specialization in a specific area of offensive cyber and developing code for it: modern c, nim, rust, go, c# aot, pen testing, exploits & shellcodes, rootkits, loaders, stealers... reverse engineering...
💣⚔️ Exploit Development & Frameworks Every Security Researcher Should Know
1.🔥 Metasploit Framework → Exploitation framework used for developing, testing, and executing exploits against vulnerable systems
2.📂 Exploit-DB → Public archive containing exploits, shellcodes, and vulnerability research
3.🔍 SearchSploit → Command-line tool for searching Exploit-DB locally from the terminal
4.🐍 pwntools → Python framework widely used for binary exploitation and CTF automation
5.🧩 ROPgadget → Finds ROP gadgets inside binaries for Return-Oriented Programming attacks
6.🗄️ libc-database → Helps identify libc versions and calculate memory offsets during exploitation
7.⚙️ peda → GDB plugin that improves debugging and exploit development workflows
8.🛠️ GEF (GDB Enhanced Features) → Advanced GDB extension for reverse engineering and binary exploitation
9.🎯 pwndbg → Modern GDB plugin optimized for exploit development and CTF challenges
#ExploitDevelopment #CyberSecurity #CTF #Pentesting #ReverseEngineering
Shellcode injection has become a real nightmare. I’m not giving up, but… Thanks again to @elastic for providing their EDR and especially their detection rules. This public availability is clearly a win-win situation. Attackers improve their OpSec, and defenders improve their detection at the same time. Elastic EDR lets you know exactly why it caught you, with extremely detailed information. By the way, I forked this repo, it’s an absolute masterclass and saves a ton of time during development: github.com/elastic/detection… That's why I decided to stop doing shellcode injection, at least for now, and instead develop native protocol support for my favorite C2 servers. My injector was called "Donkey" (like in Shrek) and I decided to create a new crate called "Farquaad". No rage. Nr Nr, y u r ? Farquaad will contain a custom beacon for every major C2: AdaptixC2, Sliver, Havoc, Cobalt Strike, the whole pack… all coded in pure no_std Rust, with static and dynamic evasion capabilities while we’re at it. This way I avoid injecting shellcodes with shitty basic allocators. I'll keep you updated.
35 non-Office file formats fully weaponized & obfuscated by the OST Builder - coming soon! So many ways to run your shellcodes. This release becomes my hello world to the OST family 👋
New release: kicking off Red Macros Factory integration into OST by @OutflankNL researcher @mariuszbit! ⚙️ Builder tool now ships with better script payload gen, obfuscation, guardrails, LNK tradecraft, and new conversion paths. More formats and payload shenanigans coming soon!
Working on next release of Bytes Revealer bytesrevealer.online you will be able to paste shellcodes and other types of data for analysis, all inside your browser! #reversing The Open Source Hex Editor.
I hate looking at shellcodes, mostly because it's hard to explain things in cleartext 😂
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). meterpreter.org/hollows_hunt…
Apr 16
🚀 Discover the largest dataset of IA-32 shellcodes ever compiled! Clean code, practical examples, and everything ready to test your skills. 🚨🔐 #CyberSecurity #Shellcode github.com/dessertlab/Shellc…
And what could I do with binary that I can't do in node.js? Nothing, nonsense. I already have the IP in node. No, I even have several threads planned in the IP loop. Learn shellcodes? Those are fantasies, man. There are uses, like optimization lookaheaders, primed functions shortcu
#threatreport #LowCompleteness JitterDropper | 14-04-2026
Source: research.openanalysis.net/ji…
Key details below ↓
💀Threats: Jitterdropper, Donut, Vidar_stealer
📚TTPs: ⚔️Tactics: 1 🛠️Techniques: 0
🤖LLM extracted TTPs: T1027.009, T1105, T1140, T1497.003, T1620, T1622
🧨IOCs: - Domain: 1 - Hash: 9 - File: 2 - Url: 1
💽Software: pixeldrain
🔢Algorithms: xor, bcrypt, aes-256-gcm, aes-gcm
🔠Functions: Sleep
🗂️Win API: InternetOpenA, StringFromGUID2, CoGetObject, CoUninitialize, CreateRemoteThread, VirtualAlloc, VirtualProtect, CheckRemoteDebuggerPresent, IsDebuggerPresent, RegisterClassExA, ...
📜Programming Languages: rust
#threatreport: JitterDropper is a new Windows dropper written in Rust and MSVC, identified in development since March 2026, with multiple builds analyzed across two main variants. The first variant embeds a payload within its .rdata section, utilizing a multi-pass decryption process to produce a Donut shellcode loader with an embedded Portable Executable (PE). The second variant features a more compact stager that downloads a 122-byte encrypted shellcode blob from pixeldrain.com, decrypting it with a single SSE-32 repeating XOR key. All builds are compiled with the consistent Rust 1.92.0 MSVC toolchain. The dropper implements several anti-analysis techniques to evade detection. It incorporates a pair of inline checks, CheckRemoteDebuggerPresent and IsDebuggerPresent, exiting quietly if either is triggered. The GUI executable does not engage in message pumping, as it creates a window with randomized class and title strings. Additionally, it employs a stalling loop with EnumWindows to delay execution and uses a wall-clock padder to defeat time-compressed environments, implementing random sleep durations with conditional exit points based on elapsed time checks. One notable feature of JitterDropper is the "jitter-budget-per-API" fingerprint, which distinguishes it from other Rust programs. The unique selection of the Lemire divisor for each API's random sleep duration is consistent across builds, contrasting with unrelated Rust samples that show uniform sleep behavior. This specific per-API choice indicates a deliberate design choice by the author, enhancing its detection evasion tactics. In terms of decryption mechanisms, the first variant details a complex three-pass decryption process that includes a series of byte-XOR operations, multiple iterations of SSE permutations, and a final repeating key XOR to extract approximately 675 KB of raw shellcode. The identified shellcode contains a reflective loader and leads into an inner PE, which appears to be affiliated with either a .NET stealer or the Vidar family of malware. Conversely, the second variants’ shellcodes attempting to retrieve from pixeldrain.com were inaccessible at the time of analysis, limiting further evaluation of their contents.
Dataset of shellcodes for IA-32 assembly github.com/dessertlab/Shellc…
Replying to @0x686967
Use the 64-bit version as... nobody expecting to do 64-bit shellcodes for windows xp lmao
Replying to @meoo000wWww
"Ne fait pas de sens" is an anglicism; in French you say "n’a pas de sens". And as for the shellcodes, apart from the mips ones that I swiped, I wrote them by hand. I don't need to make super obfuscated whatchamacallit shellcodes, it's my ctf and rm lib (I do vuln research, not maldev)
The project is designed to create obfuscated (disguised) shellcodes. The main goal is to bypass static analysis of antivirus (AV) and EDR systems by encrypting the payload. It is a professional tool for Red Teaming and security analysis. github.com/Vitalii-Khomenko/…
Replying to @BRIGHTZEED
Why don't you ever talk about ransomware, RCE exploits and shellcodes, always posting script kiddie stuff
Exploit Pack breach exposes a full repository of exploits, shellcodes, and PoC source code from 2020–2026. Leaked data hints at upcoming premium "Kernel Pack" and "Control Pack" releases. #ExploitPack #KernelPack #ExploitLeak ift.tt/5LbhnTl
🚨 Exploit Pack Breached: Full Exploit & Shellcode Repository (2020–2026) Leaked Online A threat actor claims they exploited a vulnerability on exploitpack.com to exfiltrate a complete dump of Exploit Pack assets, including the full exploit repository (2020–2026), shellcodes, and PoC source code, with “Kernel Pack” and “Control Pack” content teased for a follow-on leak. This matters because leaked offensive modules can be rapidly weaponized by other actors, accelerating real-world exploitation and lowering the barrier for copycat attacks. 🎯 Target: USA/Exploit Pack (Penetration Testing Framework) #️⃣ Category: #DataBreach #CyberCrime 🔗 URL: dailydarkweb.net/exploit-pac…
❗️ ExploitPack[.]com has allegedly been compromised by a threat actor who claims to have exploited a vulnerability on the site to exfiltrate all exploits spanning 2020–2026, totaling approximately 500 MB of data including exploit code, shellcodes, and related files, with plans to release additional kernel and control pack exploits soon.
Replying to @smica83
the killchain downloads a Python script (loader) loading in three different explorer.exe processes three different shellcodes decrypted using 3 txt files containing each one 3 different XOR keys concatenated at runtime. @anyrun_app analysis: app.any.run/tasks/963a9d4c-3…
The era of childhood, when the system was minimal, almost without protections, everything ran with full privilege. The era of adolescence, full of wild exploits, emotional shellcodes that opened doors we didn't even know existed.