{"id":10376,"date":"2020-04-23T20:49:00","date_gmt":"2020-04-23T15:19:00","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=10376"},"modified":"2020-04-23T20:49:00","modified_gmt":"2020-04-23T15:19:00","slug":"gobox","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/gobox\/","title":{"rendered":"goBox : GO Sandbox To Run Untrusted Code"},"content":{"rendered":"\n<p><strong>goBox<\/strong> is a Go sandbox for running untrusted code. It uses ptrace to hook into READ syscalls, giving you the option to accept or deny them before they are executed.<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Usage<\/strong><\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>Usage of .\/gobox:<\/strong><br>  <br>   gobox [FLAGS] command<br><br><strong>Flags:<\/strong><br>-h Print Usage.<br>-n value<br>A glob pattern for automatically blocking file reads.<br>-y value<br>A glob pattern for automatically allowing file reads.<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Use cases<\/strong><\/p>\n\n\n\n<p><strong>You want to install anything<\/strong><\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>&gt; gobox -n &quot;\/etc\/password.txt&quot; npm install sketchy-module<\/strong><br>BLOCKED READ on \/etc\/password.txt<br><strong>&gt; gobox -n &quot;\/etc\/password.txt&quot; bash &lt;(curl https:\/\/danger.zone\/install.sh)<\/strong><br>BLOCKED READ on \/etc\/password.txt<\/p>\n\n\n\n<p>You are interested in what file reads your favorite program 
makes.<\/p>\n\n\n\n<p>Sure, you could use strace, but it references file descriptors. This tool makes this much easier to see at a glance by printing the absolute path of the fd.<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>&gt; gobox ls<\/strong><br>Wanting to READ \/usr\/lib\/x86_64-linux-gnu\/libselinux.so.1 [y\/n]<\/p>\n\n\n\n<p class=\"has-background has-luminous-vivid-amber-background-color\"><strong>NOTE:<\/strong> It&#8217;s definitely a better idea to encrypt all your sensitive data; goBox should probably only be used when that is inconvenient or impractical.<\/p>\n\n\n\n<p class=\"has-background has-luminous-vivid-amber-background-color\"><strong>NOTE:<\/strong> I haven&#8217;t made any effort for cross-x compatibility so it currently only works on Linux. I&#8217;d happily accept patches to improve portability.<\/p>\n\n\n\n<div class=\"wp-block-buttons aligncenter is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-background has-vivid-cyan-blue-background-color\" href=\"https:\/\/github.com\/nishitm\/goBox\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>goBox uses Ptrace to hook into READ syscalls, giving you the option to accept or deny syscalls before they are executed. GO sandbox to run untrusted code. Usage Usage of .\/gobox: gobox [FLAGS] command Flags: -h Print Usage. -n value A glob pattern for automatically blocking file reads. -y value A glob pattern for automatically allowing file reads. 
Also Read [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16253,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-CZo0jZbCziQ\/XqCKs_yJcaI\/AAAAAAAAGAo\/L5605wLpeZ4Nqs88EsWJlGldhiDHeN3YACLcBGAsYHQ\/s1600\/Gobox%25282%2529.png","fifu_image_alt":"goBox : GO Sandbox To Run Untrusted Code","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[1357,1363,2928],"class_list":["post-10376","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-go-sandbox","tag-gobox","tag-sandbox"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>goBox : GO Sandbox To Run Untrusted Code 2020<\/title>\n<meta name=\"description\" content=\"goBox uses Ptrace to hook into READ syscalls, giving you the option to accept or deny syscalls before they are executed. GO sandbox to run untrusted code.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/gobox\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"goBox : GO Sandbox To Run Untrusted Code 2020\" \/>\n<meta property=\"og:description\" content=\"goBox uses Ptrace to hook into READ syscalls, giving you the option to accept or deny syscalls before they are executed. 
GO sandbox to run untrusted code.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/gobox\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-23T15:19:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-CZo0jZbCziQ\/XqCKs_yJcaI\/AAAAAAAAGAo\/L5605wLpeZ4Nqs88EsWJlGldhiDHeN3YACLcBGAsYHQ\/s1600\/Gobox%25282%2529.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-CZo0jZbCziQ\/XqCKs_yJcaI\/AAAAAAAAGAo\/L5605wLpeZ4Nqs88EsWJlGldhiDHeN3YACLcBGAsYHQ\/s1600\/Gobox%25282%2529.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/gobox\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/gobox\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"goBox : GO Sandbox To Run Untrusted Code\",\"datePublished\":\"2020-04-23T15:19:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/gobox\/\"},\"wordCount\":216,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/gobox\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-CZo0jZbCziQ\/XqCKs_yJcaI\/AAAAAAAAGAo\/L5605wLpeZ4Nqs88EsWJlGldhiDHeN3YACLcBGAsYHQ\/s1600\/Gobox%25282%2529.png\",\"keywords\":[\"GO Sandbox\",\"goBox\",\"sandbox\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/gobox\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/gobox\/\",\"name\":\"goBox : GO Sandbox To Run Untrusted Code 2020\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/gobox\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/gobox\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-CZo0jZbCziQ\/XqCKs_yJcaI\/AAAAAAAAGAo\/L5605wLpeZ4Nqs88EsWJlGldhiDHeN3YACLcBGAsYHQ\/s1600\/Gobox%25282%2529.png\",\"datePublished\":\"2020-04-23T15:19:00+00:00\",\"description\":\"goBox uses Ptrace to hook into READ syscalls, giving you the option to accept or deny syscalls before they are executed. 
GO sandbox to run untrusted code.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/gobox\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/gobox\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-CZo0jZbCziQ\/XqCKs_yJcaI\/AAAAAAAAGAo\/L5605wLpeZ4Nqs88EsWJlGldhiDHeN3YACLcBGAsYHQ\/s1600\/Gobox%25282%2529.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-CZo0jZbCziQ\/XqCKs_yJcaI\/AAAAAAAAGAo\/L5605wLpeZ4Nqs88EsWJlGldhiDHeN3YACLcBGAsYHQ\/s1600\/Gobox%25282%2529.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux 
Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-CZo0jZbCziQ\/XqCKs_yJcaI\/AAAAAAAAGAo\/L5605wLpeZ4Nqs88EsWJlGldhiDHeN3YACLcBGAsYHQ\/s1600\/Gobox%25282%2529.png","jetpack_sharing_enabled":true}