GitHub

PowerShell Shellcode Injection via Windows API.yml

description: Detects PowerShell using VirtualAlloc, CreateThread, and similar API calls for memory injection techniques. - 'VirtualAlloc' # Detects use of VirtualAlloc, a Windows API function used to ...
GitHub

bpark1223/Detecting-Unmanaged-PowerShell-C-Sharp-Injection

C# is a managed language, meaning that the code you write isn't directly turned into the basic machine instructions that your computer's hardware understands. Instead, it gets converted into a special ...
archive

github.com-trustedsec-unicorn_-_2018-08-05_01-25-20

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented ...