{"id":31874,"date":"2024-01-30T13:12:33","date_gmt":"2024-01-30T13:12:33","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=31874"},"modified":"2024-01-30T13:12:37","modified_gmt":"2024-01-30T13:12:37","slug":"execit","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/execit\/","title":{"rendered":"ExecIT &#8211; Unveiling A Fileless Execution Technique With Undetectable DLL Shellcode"},"content":{"rendered":"\n<p>DLL Shellcode self-injector\/runner based on HWSyscalls, intended to be executed with rundll32. It may allow fileless execution if the victim endpoint has access to an attacker-controlled SMB share.<\/p>\n\n\n\n<p>It is designed for use with rundll32 and has the potential to enable fileless execution when accessing an attacker-controlled SMB share.<\/p>\n\n\n\n<p>The tool claims to be undetected by several EDR solutions but emphasizes ethical and lawful use.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/florylsk\/ExecIT#usage\"><\/a><strong>Usage<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>rundll32.exe ExecIT.dll, HelperFunc, &lt;path_to_file&gt;<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Detection<\/strong><\/h2>\n\n\n\n<p>Currently it is fully undetected across all EDRs tested (depending on the shellcode) as of this commit.<\/p>\n\n\n\n<p>E.g., for Defender for Endpoint EDR:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiT3_VOOngZN5hhWg3oSqpLs5IQWi8vts7rWlH569HOZfcHK63qNWS5B_J0QmuHW2up5Ev4lP1t1jOAXoCw4tEcT8WWf4J9MVBhIBaTPqjwxCQYnTnFf9cGyF0FMG_vjeWg5xJ21Vnfl7q0Pttg5bOV3H2TjzpgIMK2LGJ36ZP-aHwXsv9_QeEWtQooNEsz\/s16000\/Capture.webp\" alt=\"\"\/><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>Disclaimer<\/strong><\/h2>\n\n\n\n<p>The information\/files provided in this repository are strictly intended for educational and ethical purposes only.<\/p>\n\n\n\n<p>The techniques and tools are intended to be used in a lawful and responsible manner, with the explicit consent of the target system&#8217;s owner.<\/p>\n\n\n\n<p>Any unauthorized or malicious use of these techniques and tools is strictly prohibited and may result in legal consequences.<\/p>\n\n\n\n<p>I am not responsible for any damages or legal issues that may arise from the misuse of the information provided.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>DLL Shellcode self-injector\/runner based on HWSyscalls, intended to be executed with rundll32. It may allow fileless execution if the victim endpoint has access to an attacker-controlled SMB share. It is designed for use with rundll32 and has the potential to enable fileless execution when accessing an attacker-controlled SMB share. The tool claims to be undetected by several [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":31883,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjVwXI20c7bMUNcMG01cIuRqXnOrkuOua_qL6J5NBkjc3erFeHCqp3n9iB2nhCU174BSOJ9AF9RoubYwVSlO0CZeytzTbuvlTKn2v28lm8ihxj0YdLbT1CkmrWEWJk9EorQAt2JUo-2F6rcb3dXoU8Hu_cb-0wN5G-kncMZmTBdp1wVV54fUId0N5hgGvmo\/s16000\/Untitled%20design%20(4).webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20],"tags":[737,6525,6321,6052,6325],"class_list":["post-31874","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cybersecurity","tag-execit","tag-informationsecurity","tag-kalilinux","tag-kalilinuxtools"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ExecIT - Unveiling A Fileless Execution Technique Ith Undetectabl<\/title>\n<meta name=\"description\" content=\"DLL 
Shellcode self-inyector\/runner based on HWSyscalls, ideally thought to be executed with rundll32. May grant fileless execution if\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/execit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ExecIT - Unveiling A Fileless Execution Technique Ith Undetectabl\" \/>\n<meta property=\"og:description\" content=\"DLL Shellcode self-inyector\/runner based on HWSyscalls, ideally thought to be executed with rundll32. May grant fileless execution if\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/execit\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-30T13:12:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-30T13:12:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjVwXI20c7bMUNcMG01cIuRqXnOrkuOua_qL6J5NBkjc3erFeHCqp3n9iB2nhCU174BSOJ9AF9RoubYwVSlO0CZeytzTbuvlTKn2v28lm8ihxj0YdLbT1CkmrWEWJk9EorQAt2JUo-2F6rcb3dXoU8Hu_cb-0wN5G-kncMZmTBdp1wVV54fUId0N5hgGvmo\/s16000\/Untitled%20design%20(4).webp\" \/>\n<meta name=\"author\" content=\"Varshini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjVwXI20c7bMUNcMG01cIuRqXnOrkuOua_qL6J5NBkjc3erFeHCqp3n9iB2nhCU174BSOJ9AF9RoubYwVSlO0CZeytzTbuvlTKn2v28lm8ihxj0YdLbT1CkmrWEWJk9EorQAt2JUo-2F6rcb3dXoU8Hu_cb-0wN5G-kncMZmTBdp1wVV54fUId0N5hgGvmo\/s16000\/Untitled%20design%20(4).webp\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta 
name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Varshini\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/execit\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/execit\/\"},\"author\":{\"name\":\"Varshini\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\"},\"headline\":\"ExecIT &#8211; Unveiling A Fileless Execution Technique Ith Undetectable DLL Shellcode\",\"datePublished\":\"2024-01-30T13:12:33+00:00\",\"dateModified\":\"2024-01-30T13:12:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/execit\/\"},\"wordCount\":182,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/execit\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjVwXI20c7bMUNcMG01cIuRqXnOrkuOua_qL6J5NBkjc3erFeHCqp3n9iB2nhCU174BSOJ9AF9RoubYwVSlO0CZeytzTbuvlTKn2v28lm8ihxj0YdLbT1CkmrWEWJk9EorQAt2JUo-2F6rcb3dXoU8Hu_cb-0wN5G-kncMZmTBdp1wVV54fUId0N5hgGvmo\/s16000\/Untitled%20design%20(4).webp\",\"keywords\":[\"cybersecurity\",\"ExecIT\",\"informationsecurity\",\"kalilinux\",\"kalilinuxtools\"],\"articleSection\":[\"Cyber security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/execit\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/execit\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/execit\/\",\"name\":\"ExecIT - Unveiling A Fileless Execution Technique Ith 
Undetectabl\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/execit\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/execit\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjVwXI20c7bMUNcMG01cIuRqXnOrkuOua_qL6J5NBkjc3erFeHCqp3n9iB2nhCU174BSOJ9AF9RoubYwVSlO0CZeytzTbuvlTKn2v28lm8ihxj0YdLbT1CkmrWEWJk9EorQAt2JUo-2F6rcb3dXoU8Hu_cb-0wN5G-kncMZmTBdp1wVV54fUId0N5hgGvmo\/s16000\/Untitled%20design%20(4).webp\",\"datePublished\":\"2024-01-30T13:12:33+00:00\",\"dateModified\":\"2024-01-30T13:12:37+00:00\",\"description\":\"DLL Shellcode self-inyector\/runner based on HWSyscalls, ideally thought to be executed with rundll32. May grant fileless execution if\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/execit\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/execit\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjVwXI20c7bMUNcMG01cIuRqXnOrkuOua_qL6J5NBkjc3erFeHCqp3n9iB2nhCU174BSOJ9AF9RoubYwVSlO0CZeytzTbuvlTKn2v28lm8ihxj0YdLbT1CkmrWEWJk9EorQAt2JUo-2F6rcb3dXoU8Hu_cb-0wN5G-kncMZmTBdp1wVV54fUId0N5hgGvmo\/s16000\/Untitled%20design%20(4).webp\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjVwXI20c7bMUNcMG01cIuRqXnOrkuOua_qL6J5NBkjc3erFeHCqp3n9iB2nhCU174BSOJ9AF9RoubYwVSlO0CZeytzTbuvlTKn2v28lm8ihxj0YdLbT1CkmrWEWJk9EorQAt2JUo-2F6rcb3dXoU8Hu_cb-0wN5G-kncMZmTBdp1wVV54fUId0N5hgGvmo\/s16000\/Untitled%20design%20(4).webp\",\"width\":\"1600\",\"height\":\"900\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux 
Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\",\"name\":\"Varshini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"caption\":\"Varshini\"},\"description\":\"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. 
Passionate about staying ahead of emerging Threats and Technologies.\",\"sameAs\":[\"http:\/\/kalilinuxtutorials.com\",\"https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/\"],\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjVwXI20c7bMUNcMG01cIuRqXnOrkuOua_qL6J5NBkjc3erFeHCqp3n9iB2nhCU174BSOJ9AF9RoubYwVSlO0CZeytzTbuvlTKn2v28lm8ihxj0YdLbT1CkmrWEWJk9EorQAt2JUo-2F6rcb3dXoU8Hu_cb-0wN5G-kncMZmTBdp1wVV54fUId0N5hgGvmo\/s16000\/Untitled%20design%20(4).webp","jetpack_sharing_enabled":true}