From 2f1765ba6c35a890ef984c871046504d8199f50a Mon Sep 17 00:00:00 2001 From: pe3zx Date: Fri, 27 Aug 2021 12:48:20 +0700 Subject: [PATCH 1/2] Add: mobdk/Upsilon to Execution section --- Offensive.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Offensive.md b/Offensive.md index 420fbfc..5776da7 100644 --- a/Offensive.md +++ b/Offensive.md @@ -538,8 +538,11 @@ Some tools can be categorized in more than one category. But because the current mobdk/Sigma - Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and - ZwCreateThreadEx + Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx + + + mobdk/Upsilon + Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used monoxgas/sRDI From 080e08b040bbfb926e7d92151ba487665e29b120 Mon Sep 17 00:00:00 2001 From: pe3zx Date: Fri, 27 Aug 2021 12:50:55 +0700 Subject: [PATCH 2/2] Add: timwhitez/Doge-Loader to Execution section --- Offensive.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Offensive.md b/Offensive.md index 5776da7..c9b71d4 100644 --- a/Offensive.md +++ b/Offensive.md @@ -410,6 +410,10 @@ Some tools can be categorized in more than one category. But because the current snovvcrash/peas Modified version of PEAS client for offensive operations + + timwhitez/Doge-Loader + 🐶Cobalt Strike Shellcode Loader by Golang + TheCruZ/kdmapper KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory