Skip to content
/ CallBack Public

Execute Mimikatz in shellcode format, uses native API VirtualAlloc and EnumSystemGeoID

8 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mobdk/CallBack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
CallBack.cs
CallBack.cs
 
 
CallBack.exe
CallBack.exe
 
 
Mimikatz-64bit.txt
Mimikatz-64bit.txt
 
 
README.md
README.md
 
 

Repository files navigation

CallBack

Execute Mimikatz in shellcode format, uses native API VirtualAlloc and EnumSystemGeoID (64 bit)

Uses the 15 sec. delay I discovered in 2020 https://github.com/mobdk/Epsilon this bypass Windows Defender.

Compile: csc.exe /platform:x64 /target:exe /unsafe CallBack.cs

Insert Mimikatz shellcode with hex editor, copy the content of Mimikatz-64bit.txt where the string "A begins, remember to overwrite.

CallBack.exe is compiled version with embedded Mimikatz.

Video PoC: https://www.youtube.com/watch?v=8ym7ZRzkVK8

About

Execute Mimikatz in shellcode format, uses native API VirtualAlloc and EnumSystemGeoID

Resources

Readme
Activity

Stars

8 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages