{"id":28058,"date":"2022-12-23T05:40:02","date_gmt":"2022-12-23T05:40:02","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=28058"},"modified":"2022-12-23T05:40:04","modified_gmt":"2022-12-23T05:40:04","slug":"lazzzy","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/lazzzy\/","title":{"rendered":"laZzzy : Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques"},"content":{"rendered":"\n<p><strong>laZzzy <\/strong>is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-style:normal;font-weight:600\"><a href=\"https:\/\/github.com\/capt-meelo\/laZzzy#features\"><\/a>Features<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Direct syscalls and native (<code>Nt*<\/code>) functions (not all functions but most)<\/li>\n\n\n\n<li>Import Address Table (IAT) evasion<\/li>\n\n\n\n<li>Encrypted payload (XOR and AES)\n<ul class=\"wp-block-list\">\n<li>Randomly generated key<\/li>\n\n\n\n<li>Automatic padding (if necessary) of payload with NOPS (<code>\\x90<\/code>)<\/li>\n\n\n\n<li>Byte-by-byte in-memory decryption of payload<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>XOR-encrypted strings<\/li>\n\n\n\n<li>PPID spoofing<\/li>\n\n\n\n<li>Blocking of non-Microsoft-signed DLLs<\/li>\n\n\n\n<li>(Optional) Cloning of PE icon and attributes<\/li>\n\n\n\n<li>(Optional) Code signing with spoofed cert<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-style:normal;font-weight:600\"><a href=\"https:\/\/github.com\/capt-meelo\/laZzzy#how-to-use\"><\/a>How to Use?<\/h2>\n\n\n\n<h4 class=\"wp-block-heading\"><strong><a href=\"https:\/\/github.com\/capt-meelo\/laZzzy#requirements\"><\/a>Requirements<\/strong>:<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Windows machine w\/ Visual Studio and the following components, which 
can be installed from <em><code>Visual Studio Installer<\/code> &gt; <code>Individual Components<\/code><\/em>:\n<ul class=\"wp-block-list\">\n<li><code>C++ Clang Compiler for Windows<\/code> and <code>C++ Clang-cl for build tools<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi_J9X-nW2PQd5xgRl5Y3k2jXZM7-vLP60mmlSHCgMs6CResXebVKzZwl91pTFoMGA3HZDKE4p8R7eg-TpyGZ--ZAaVlpQgvEvPXY6-5ZCoCiR-z9qKcd-0P38WQvUe9dphkhtzvK-Z4jR__RRdRvm7xWqmQMQ39nD5bLp9DOb0IdTk6nkkrJU7ToH3\/s624\/laZzzy.png\" alt=\"\" \/><\/figure>\n\n\n\n<p><code>ClickOnce Publishing<\/code><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjb3IFrwq9GHSHNL-7FKvkwGQmH7fvaNjwpYLIWZbbcmlnA53LZ6LWOq2s9rSyvDc9-iDkz_W4oX3eO0uObyUzlHAxsnEeSks18MvWCAQDRM4s-mYfBDLgXAoRl-VTT81o_GMsBufKl9s7ZngKZYAOP7Shb3g3-O1GMsWSqRTi_OBxm0OCRu94QzUo-\/s632\/laZzzy1.png\" alt=\"\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Python3 and the required modules:\n<ul class=\"wp-block-list\">\n<li><code>python3 -m pip install -r requirements.txt<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-style:normal;font-weight:600\">Options<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted has-background\" style=\"background-color:#f4f4f4\"><strong>(venv) PS C:\\MalDev\\laZzzy&gt; python3 .\\builder.py 
-h\n\n\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28c0\u28c0\u28c0\u2840\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\n\u2800\u2800\u28ff\u28ff\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28e0\u28e4\u28e4\u28e4\u28e4\u2800\u2880\u28fc\u281f\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\n\u2800\u2800\u28ff\u28ff\u2800\u2800\u2800\u2800\u2880\u28c0\u28c0\u2840\u2800\u2800\u2800\u2880\u28c0\u28c0\u28c0\u28c0\u28c0\u2840\u2800\u2880\u28fc\u287f\u2801\u2800\u281b\u281b\u2812\u2812\u2880\u28c0\u2840\u2800\u2800\u2800\u28c0\u2840\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\n\u2800\u2800\u28ff\u28ff\u2800\u2800\u28f0\u28fe\u281f\u280b\u2819\u28bb\u28ff\u2800\u2800\u281b\u281b\u289b\u28ff\u28ff\u280f\u2800\u28e0\u28ff\u28ef\u28e4\u28e4\u2804\u2800\u2800\u2800\u2800\u2808\u28bf\u28f7\u2840\u2800\u28f0\u28ff\u2803\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\n\u2800\u2800\u28ff\u28ff\u2800\u2800\u28ff\u28ef\u2800\u2800\u2800\u28b8\u28ff\u2800\u2800\u2800\u28e0\u28ff\u285f\u2801\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2808\u28bf\u28e7\u28f0\u28ff\u2803\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\n\u2800\u2800\u28ff\u28ff\u2800\u2800\u2819\u283f\u28f7\u28e6\u28f4\u28bf\u28ff\u2804\u2880\u28fe\u28ff\u28ff\u28f6\u28f6\u28f6\u2806\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2818\u28ff\u287f\u2803\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28
00\u2800\u2800\u2800\u2800\u2800\n\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28fc\u287f\u2801\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\n\u2800\u2800by: CaptMeelo\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2808\u2809\u2801\u2800\u2800\u2800\n\nusage: builder.py [-h] -s  -p  -m  [-tp] [-sp] [-pp] [-b] [-d]\n\noptions:\n  -h, --help  show this help message and exit\n  -s          path to raw shellcode\n  -p          password\n  -m          shellcode execution method (e.g. 1)\n  -tp         process to inject (e.g. svchost.exe)\n  -sp         process to spawn (e.g. C:\\\\Windows\\\\System32\\\\RuntimeBroker.exe)\n  -pp         parent process to spoof (e.g. explorer.exe)\n  -b          binary to spoof metadata (e.g. C:\\\\Windows\\\\System32\\\\RuntimeBroker.exe)\n  -d          domain to spoof (e.g. 
www.microsoft.com)\n\nshellcode execution method:\n   1          Early-bird APC Queue (requires sacrificial proces)\n   2          Thread Hijacking (requires sacrificial proces)\n   3          KernelCallbackTable (requires sacrificial process that has GUI)\n   4          Section View Mapping\n   5          Thread Suspension\n   6          LineDDA Callback\n   7          EnumSystemGeoID Callback\n   8          FLS Callback\n   9          SetTimer\n   10         Clipboard<\/strong><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-style:normal;font-weight:600\">Example<\/h2>\n\n\n\n<p>Execute <code>builder.py<\/code> and supply the necessary data.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-background\" style=\"background-color:#f4f4f4\"><strong>(venv) PS C:\\MalDev\\laZzzy&gt; python3 .\\builder.py -s .\\calc.bin -p CaptMeelo -m 1 -pp explorer.exe -sp C:\\\\Windows\\\\System32\\\\notepad.exe -d www.microsoft.com -b C:\\\\Windows\\\\System32\\\\mmc.exe\n\n\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28c0\u28c0\u28c0\u2840\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\n\u2800\u2800\u28ff\u28ff\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28e0\u28e4\u28e4\u28e4\u28e4\u2800\u2880\u28fc\u281f\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\n\u2800\u2800\u28ff\u28ff\u2800\u2800\u2800\u2800\u2880\u28c0\u28c0\u2840\u2800\u2800\u2800\u2880\u28c0\u28c0\u28c0\u28c0\u28c0\u2840\u2800\u2880\u28fc\u287f\u2801\u2800\u281b\u281b\u2812\u2812\u2880\u28c0\u2840\u2800\u2800\u2800\u28c0\u2840\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\n\u2
800\u2800\u28ff\u28ff\u2800\u2800\u28f0\u28fe\u281f\u280b\u2819\u28bb\u28ff\u2800\u2800\u281b\u281b\u289b\u28ff\u28ff\u280f\u2800\u28e0\u28ff\u28ef\u28e4\u28e4\u2804\u2800\u2800\u2800\u2800\u2808\u28bf\u28f7\u2840\u2800\u28f0\u28ff\u2803\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\n\u2800\u2800\u28ff\u28ff\u2800\u2800\u28ff\u28ef\u2800\u2800\u2800\u28b8\u28ff\u2800\u2800\u2800\u28e0\u28ff\u285f\u2801\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2808\u28bf\u28e7\u28f0\u28ff\u2803\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\n\u2800\u2800\u28ff\u28ff\u2800\u2800\u2819\u283f\u28f7\u28e6\u28f4\u28bf\u28ff\u2804\u2880\u28fe\u28ff\u28ff\u28f6\u28f6\u28f6\u2806\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2818\u28ff\u287f\u2803\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\n\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28fc\u287f\u2801\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\n\u2800\u2800by: CaptMeelo\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2808\u2809\u2801\u2800\u2800\u2800\n\n[+] XOR-encrypting payload with\n        [*] Key:                        d3b666606468293dfa21ce2ff25e86f6\n\n[+] AES-encrypting payload with\n        [*] IV:                         f96312f17a1a9919c74b633c5f861fe5\n        [*] Key:                        6c9656ed1bc50e1d5d4033479e742b4b8b2a9b2fc81fc081fc649e3fb4424fec\n\n[+] Modifying template using\n        [*] Technique:                  Early-bird APC Queue\n        [*] Process to inject:          None\n        
[*] Process to spawn:           C:\\\\Windows\\\\System32\\\\RuntimeBroker.exe\n        [*] Parent process to spoof:    svchost.exe\n\n[+] Spoofing metadata\n        [*] Binary:                     C:\\\\Windows\\\\System32\\\\RuntimeBroker.exe\n        [*] CompanyName:                Microsoft Corporation\n        [*] FileDescription:            Runtime Broker\n        [*] FileVersion:                10.0.22621.608 (WinBuild.160101.0800)\n        [*] InternalName:               RuntimeBroker.exe\n        [*] LegalCopyright:             \u00a9 Microsoft Corporation. All rights reserved.\n        [*] OriginalFilename:           RuntimeBroker.exe\n        [*] ProductName:                Microsoft\u00ae Windows\u00ae Operating System\n        [*] ProductVersion:             10.0.22621.608\n\n[+] Compiling project\n        [*] Compiled executable:        C:\\MalDev\\laZzzy\\loader\\x64\\Release\\laZzzy.exe\n\n[+] Signing binary with spoofed cert\n        [*] Domain:                     www.microsoft.com\n        [*] Version:                    2\n        [*] Serial:                     33:00:59:f8:b6:da:86:89:70:6f:fa:1b:d9:00:00:00:59:f8:b6\n        [*] Subject:                    \/C=US\/ST=WA\/L=Redmond\/O=Microsoft Corporation\/CN=www.microsoft.com\n        [*] Issuer:                     \/C=US\/O=Microsoft Corporation\/CN=Microsoft Azure TLS Issuing CA 06\n        [*] Not Before:                 October 04 2022\n        [*] Not After:                  September 29 2023\n        [*] PFX file:                   C:\\MalDev\\laZzzy\\output\\www.microsoft.com.pfx\n\n[+] All done!\n        [*] Output file:                C:\\MalDev\\laZzzy\\output\\RuntimeBroker.exe<\/strong><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-style:normal;font-weight:600\">Shellcode Execution Techniques<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Early-bird APC Queue <em>(requires sacrificial process)<\/em><\/li>\n\n\n\n<li>Thread Hijacking <em>(requires sacrificial 
process)<\/em><\/li>\n\n\n\n<li>KernelCallbackTable <em>(requires sacrificial process that has a GUI)<\/em><\/li>\n\n\n\n<li>Section View Mapping<\/li>\n\n\n\n<li>Thread Suspension<\/li>\n\n\n\n<li>LineDDA Callback<\/li>\n\n\n\n<li>EnumSystemGeoID Callback<\/li>\n\n\n\n<li>Fiber Local Storage (FLS) Callback<\/li>\n\n\n\n<li>SetTimer<\/li>\n\n\n\n<li>Clipboard<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-style:normal;font-weight:600\">Notes<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Only works on <strong>Windows x64<\/strong><\/li>\n\n\n\n<li>Debugging only works on <strong>Release<\/strong> mode<\/li>\n\n\n\n<li>Sometimes, <strong>KernelCallbackTable<\/strong> doesn&#8217;t work on the first run but will eventually work afterward<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button aligncenter\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/github.com\/capt-meelo\/laZzzy\" target=\"_blank\" rel=\"noreferrer noopener\">Click Here To Download<\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features How to Use? 
Requirements: ClickOnce Publishing Options (venv) PS C:\\MalDev\\laZzzy&gt; python3 .\\builder.py -h \u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28c0\u28c0\u28c0\u2840\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800 \u2800\u2800\u28ff\u28ff\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28e0\u28e4\u28e4\u28e4\u28e4\u2800\u2880\u28fc\u281f\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800 \u2800\u2800\u28ff\u28ff\u2800\u2800\u2800\u2800\u2880\u28c0\u28c0\u2840\u2800\u2800\u2800\u2880\u28c0\u28c0\u28c0\u28c0\u28c0\u2840\u2800\u2880\u28fc\u287f\u2801\u2800\u281b\u281b\u2812\u2812\u2880\u28c0\u2840\u2800\u2800\u2800\u28c0\u2840\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800 \u2800\u2800\u28ff\u28ff\u2800\u2800\u28f0\u28fe\u281f\u280b\u2819\u28bb\u28ff\u2800\u2800\u281b\u281b\u289b\u28ff\u28ff\u280f\u2800\u28e0\u28ff\u28ef\u28e4\u28e4\u2804\u2800\u2800\u2800\u2800\u2808\u28bf\u28f7\u2840\u2800\u28f0\u28ff\u2803\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800 \u2800\u2800\u28ff\u28ff\u2800\u2800\u28ff\u28ef\u2800\u2800\u2800\u28b8\u28ff\u2800\u2800\u2800\u28e0\u28ff\u285f\u2801\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2808\u28bf\u28e7\u28f0\u28ff\u2803\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800 
\u2800\u2800\u28ff\u28ff\u2800\u2800\u2819\u283f\u28f7\u28e6\u28f4\u28bf\u28ff\u2804\u2880\u28fe\u28ff\u28ff\u28f6\u28f6\u28f6\u2806\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2818\u28ff\u287f\u2803\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800 \u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u28fc\u287f\u2801\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800 \u2800\u2800by: CaptMeelo\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2800\u2808\u2809\u2801\u2800\u2800\u2800 usage: builder.py [-h] -s -p -m [-tp] [-sp] [-pp] [-b] [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28062,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIb7zkLuBaCpoxHOQVpN6A9PZ_BUjk3VBKHHszmxq6JsmjWHEsH8-uhhB91yRN2OhB6uRGRyrTQ2llNk4GJ4G-yy9lS69OrNXRf-97k9m_vFDSv1JctF7s9pvaS_vUqkuuAEesTAAD__sydbXJu5QOWpfVytT0XwCaXHNIOzYmVFih7D19WXbqVMHp\/s1248\/laZzzy(1).png","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[5826,2000,3077],"class_list":["post-28058","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-lazzzy","tag-malware","tag-shellcode"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>laZzzy : Shellcode Loader,Developed Using Different Open-Source Libraries<\/title>\n<meta name=\"description\" content=\"laZzzy is a shellcode loader that demonstrates different execution 
techniques commonly employed by malware. laZzzy was developed\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/lazzzy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"laZzzy : Shellcode Loader,Developed Using Different Open-Source Libraries\" \/>\n<meta property=\"og:description\" content=\"laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/lazzzy\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-23T05:40:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-23T05:40:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIb7zkLuBaCpoxHOQVpN6A9PZ_BUjk3VBKHHszmxq6JsmjWHEsH8-uhhB91yRN2OhB6uRGRyrTQ2llNk4GJ4G-yy9lS69OrNXRf-97k9m_vFDSv1JctF7s9pvaS_vUqkuuAEesTAAD__sydbXJu5QOWpfVytT0XwCaXHNIOzYmVFih7D19WXbqVMHp\/s1248\/laZzzy(1).png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIb7zkLuBaCpoxHOQVpN6A9PZ_BUjk3VBKHHszmxq6JsmjWHEsH8-uhhB91yRN2OhB6uRGRyrTQ2llNk4GJ4G-yy9lS69OrNXRf-97k9m_vFDSv1JctF7s9pvaS_vUqkuuAEesTAAD__sydbXJu5QOWpfVytT0XwCaXHNIOzYmVFih7D19WXbqVMHp\/s1248\/laZzzy(1).png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta 
name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/lazzzy\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/lazzzy\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"laZzzy : Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques\",\"datePublished\":\"2022-12-23T05:40:02+00:00\",\"dateModified\":\"2022-12-23T05:40:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/lazzzy\/\"},\"wordCount\":194,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/lazzzy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIb7zkLuBaCpoxHOQVpN6A9PZ_BUjk3VBKHHszmxq6JsmjWHEsH8-uhhB91yRN2OhB6uRGRyrTQ2llNk4GJ4G-yy9lS69OrNXRf-97k9m_vFDSv1JctF7s9pvaS_vUqkuuAEesTAAD__sydbXJu5QOWpfVytT0XwCaXHNIOzYmVFih7D19WXbqVMHp\/s1248\/laZzzy(1).png\",\"keywords\":[\"laZzzy\",\"Malware\",\"shellcode\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/lazzzy\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/lazzzy\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/lazzzy\/\",\"name\":\"laZzzy : Shellcode Loader,Developed Using Different Open-Source 
Libraries\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/lazzzy\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/lazzzy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIb7zkLuBaCpoxHOQVpN6A9PZ_BUjk3VBKHHszmxq6JsmjWHEsH8-uhhB91yRN2OhB6uRGRyrTQ2llNk4GJ4G-yy9lS69OrNXRf-97k9m_vFDSv1JctF7s9pvaS_vUqkuuAEesTAAD__sydbXJu5QOWpfVytT0XwCaXHNIOzYmVFih7D19WXbqVMHp\/s1248\/laZzzy(1).png\",\"datePublished\":\"2022-12-23T05:40:02+00:00\",\"dateModified\":\"2022-12-23T05:40:04+00:00\",\"description\":\"laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/lazzzy\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/lazzzy\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIb7zkLuBaCpoxHOQVpN6A9PZ_BUjk3VBKHHszmxq6JsmjWHEsH8-uhhB91yRN2OhB6uRGRyrTQ2llNk4GJ4G-yy9lS69OrNXRf-97k9m_vFDSv1JctF7s9pvaS_vUqkuuAEesTAAD__sydbXJu5QOWpfVytT0XwCaXHNIOzYmVFih7D19WXbqVMHp\/s1248\/laZzzy(1).png\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIb7zkLuBaCpoxHOQVpN6A9PZ_BUjk3VBKHHszmxq6JsmjWHEsH8-uhhB91yRN2OhB6uRGRyrTQ2llNk4GJ4G-yy9lS69OrNXRf-97k9m_vFDSv1JctF7s9pvaS_vUqkuuAEesTAAD__sydbXJu5QOWpfVytT0XwCaXHNIOzYmVFih7D19WXbqVMHp\/s1248\/laZzzy(1).png\",\"width\":\"1248\",\"height\":\"380\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux 
Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"laZzzy : Shellcode Loader,Developed Using Different Open-Source Libraries","description":"laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/lazzzy\/","og_locale":"en_US","og_type":"article","og_title":"laZzzy : Shellcode Loader,Developed Using Different Open-Source Libraries","og_description":"laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed","og_url":"https:\/\/kalilinuxtutorials.com\/lazzzy\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2022-12-23T05:40:02+00:00","article_modified_time":"2022-12-23T05:40:04+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIb7zkLuBaCpoxHOQVpN6A9PZ_BUjk3VBKHHszmxq6JsmjWHEsH8-uhhB91yRN2OhB6uRGRyrTQ2llNk4GJ4G-yy9lS69OrNXRf-97k9m_vFDSv1JctF7s9pvaS_vUqkuuAEesTAAD__sydbXJu5QOWpfVytT0XwCaXHNIOzYmVFih7D19WXbqVMHp\/s1248\/laZzzy(1).png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIb7zkLuBaCpoxHOQVpN6A9PZ_BUjk3VBKHHszmxq6JsmjWHEsH8-uhhB91yRN2OhB6uRGRyrTQ2llNk4GJ4G-yy9lS69OrNXRf-97k9m_vFDSv1JctF7s9pvaS_vUqkuuAEesTAAD__sydbXJu5QOWpfVytT0XwCaXHNIOzYmVFih7D19WXbqVMHp\/s1248\/laZzzy(1).png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/lazzzy\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/lazzzy\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"laZzzy : Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques","datePublished":"2022-12-23T05:40:02+00:00","dateModified":"2022-12-23T05:40:04+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/lazzzy\/"},"wordCount":194,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/lazzzy\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIb7zkLuBaCpoxHOQVpN6A9PZ_BUjk3VBKHHszmxq6JsmjWHEsH8-uhhB91yRN2OhB6uRGRyrTQ2llNk4GJ4G-yy9lS69OrNXRf-97k9m_vFDSv1JctF7s9pvaS_vUqkuuAEesTAAD__sydbXJu5QOWpfVytT0XwCaXHNIOzYmVFih7D19WXbqVMHp\/s1248\/laZzzy(1).png","keywords":["laZzzy","Malware","shellcode"],"articleSection":["Kali Linux"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/lazzzy\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/lazzzy\/","url":"https:\/\/kalilinuxtutorials.com\/lazzzy\/","name":"laZzzy : Shellcode Loader,Developed Using Different Open-Source 
Libraries","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/lazzzy\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/lazzzy\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIb7zkLuBaCpoxHOQVpN6A9PZ_BUjk3VBKHHszmxq6JsmjWHEsH8-uhhB91yRN2OhB6uRGRyrTQ2llNk4GJ4G-yy9lS69OrNXRf-97k9m_vFDSv1JctF7s9pvaS_vUqkuuAEesTAAD__sydbXJu5QOWpfVytT0XwCaXHNIOzYmVFih7D19WXbqVMHp\/s1248\/laZzzy(1).png","datePublished":"2022-12-23T05:40:02+00:00","dateModified":"2022-12-23T05:40:04+00:00","description":"laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/lazzzy\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/lazzzy\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIb7zkLuBaCpoxHOQVpN6A9PZ_BUjk3VBKHHszmxq6JsmjWHEsH8-uhhB91yRN2OhB6uRGRyrTQ2llNk4GJ4G-yy9lS69OrNXRf-97k9m_vFDSv1JctF7s9pvaS_vUqkuuAEesTAAD__sydbXJu5QOWpfVytT0XwCaXHNIOzYmVFih7D19WXbqVMHp\/s1248\/laZzzy(1).png","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIb7zkLuBaCpoxHOQVpN6A9PZ_BUjk3VBKHHszmxq6JsmjWHEsH8-uhhB91yRN2OhB6uRGRyrTQ2llNk4GJ4G-yy9lS69OrNXRf-97k9m_vFDSv1JctF7s9pvaS_vUqkuuAEesTAAD__sydbXJu5QOWpfVytT0XwCaXHNIOzYmVFih7D19WXbqVMHp\/s1248\/laZzzy(1).png","width":"1248","height":"380"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux 
Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R 
K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}}}