offensive-shellcode
Fail
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides a functional Python script that utilizes the 'keystone-engine' to assemble x64 assembly code and uses the 'ctypes' library to execute the resulting machine code directly in memory using Windows APIs like 'VirtualAlloc' and 'CreateThread'.
- [DATA_EXFILTRATION]: The provided assembly example implements a reverse shell payload that connects to a hardcoded remote IP address (172.31.6.49) and port (443), which allows for unauthorized remote access, command execution, and data theft.
- [COMMAND_EXECUTION]: The documentation details several process injection and evasion techniques, including APC injection, thread hijacking, and indirect syscalls, which are used to execute malicious payloads while hiding from security monitoring tools.
- [EXTERNAL_DOWNLOADS]: The skill references and links to numerous external offensive security tools and repositories on GitHub, such as 'Donut', 'ScareCrow', and 'DripLoader', which are specifically designed to facilitate malware delivery and detection evasion.
Recommendations
- AI detected serious security threats
Audit Metadata