Skip to content
/ PayloadFactory Public

C# implementation of Shellcode delivery techniques using PInvoke and DInvoke variations for API calling.

License

MIT license
34 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

GeorgePatsias/PayloadFactory

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
DInvoke
DInvoke
 
 
PInvoke
PInvoke
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

🏭 Payload Factory

This project is about different malware development techniques for AV and Defense evasion using C#.

API calling methodologies using:

  • PInvoke (Platform Invoke) https://www.pinvoke.net/. Calling Win32 and other unmanaged APIs from managed code.

  • DInvoke (Dynamic Invoke) https://thewover.github.io/Dynamic-Invoke/. Dynamically invoke unmanaged code from memory or disk while avoiding API Hooking, suspicious imports and having an Import table in the payload, evading EDR and AV scan interfaces.

🧬⚗️ Techniques

📃 Dynamic Link Libraries (DLL)

  • Process Hollowing
  • Process Injection
  • Reflective DLL Injection

⚙️ Executables (EXE)

  • Process Hollowing
  • Process Injection
  • Dynamic Process Injection
  • Suspended Thread Injection

🔐 Encryption

  • AES (Advanced Encryption Standard)
  • XOR (Exclusive OR)
  • Caesar Cipher

📥 Clone the Project

git clone https://github.com/GeorgePatsias/PayloadFactory.git

Open Payload.sln with Visual Studio and compile for a x64 bit architecture.

References

About

C# implementation of Shellcode delivery techniques using PInvoke and DInvoke variations for API calling.

Resources

Readme

License

MIT license
Activity

Stars

34 stars

Watchers

3 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages