This is a POC for the EarlyBird injection technique as named by Cyberbit. More details here: Hackers Found Using A New Code Injection Technique to Evade Detection
Use:
- Put the shellcode of your choice into the source file (the included one will pop cmd.exe)
- Recompile
- Run: EarlyBird.exe [any x64 binary]
This is a POC for the Ctrl-Inject technique found by enSilo. More details here: Ctrl-Inject
Use:
- Put the shellcode of your choice into the source file (the included one will pop calc)
- Recompile
- Run: EarlyBird.exe [PID of an x64 console application that has a non-default HandlerList (e.g. cmd.exe)]