This repo contains C and C++ snippets that can be handy in specific offensive scenarios. They come from my experiments in weaponizing C for implant development and general offensive operations.
- Fine-grained control over memory, execution, and system calls.
- Zero dependencies or runtimes.
- Fully native – small and fast executables.
- Universal support on all OS platforms.
- Mature ecosystem and endless public code for adaptation.
- Perfect for porting payloads, PoCs, or prototyping implants.
- Critical in AV/EDR evasion due to its flexibility and low overhead.

| File | Description |
|---|---|
| pop_msgbox.c | Display a MessageBox via WinAPI |
| amsi_bypass.c | Patch AMSI in-memory for bypass |
| etw_patch.c | Disable ETW logging in-process |
| create_remote_thread.c | Inject shellcode into a remote process via CreateRemoteThread |

| File | Goal |
|---|---|
| sleep_masking.c | Implement sleep masking for sandbox evasion |
| manual_mapping.c | Load DLLs manually without using LoadLibrary |
| indirect_syscalls.c | Use indirect syscalls to evade user-mode hooks |

Shellcode Techniques:
- Shellcode runners with VirtualAlloc + CreateThread.
- Inline shellcode execution with __asm blocks.
- Techniques like XOR/RC4/BASE64 encoding for payloads.
Opsec Considerations:
- Avoid known bad APIs (e.g., WinExec, system).
- Implement indirect syscalls to bypass user-mode hooks.
- Use in-memory execution and avoid touching disk.
- Use callbacks and manual syscall invocation.
Anti-analysis & Evasion:
- ETW patching
- AMSI patching
- Sleep masking
- Unhooking APIs
- Encrypted strings