Doge-MemX

🐸Frog For Automatic Scan
🐶Doge For Defense Evasion & Offensive Security

Doge-MemX

Golang implementation of Reflective load PE from memory

Only Supports x64 unmanaged PE

Supports Zip file ,auto unzip

sleep to bypass Windows Defender

ETW bypass & AMSI bypass (default not use)

Usage

change black list https://github.com/timwhitez/Doge-MemX/blob/main/main.go#L349

blacklist := []string{
		//warning!! may cause panic!
		}

change arguments https://github.com/timwhitez/Doge-MemX/blob/main/main.go#L404

tmpArgs := []string{"coffee"}

new Thread or not https://github.com/timwhitez/Doge-MemX/blob/main/main.go#L409

//peLoader(&shellcode,"syscall")
peLoader(&shellcode,"createthread")

go build
run

Usage:
        Doge-MemX.exe mimikatz.exe
	Doge-MemX.exe mimikatz.zip

Limitations

Reflect-pe only works for x64 dynamic executables.

Reflect-pe only works for x64 unmanaged PE

It's not stable.

References

https://github.com/frkngksl/Huan

https://github.com/ayoul3/reflect-pe

https://github.com/Binject/debug

https://github.com/Binject/universal

Name		Name	Last commit message	Last commit date
Latest commit History 47 Commits
args		args
lib		lib
README.md		README.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Doge-MemX

Usage

Limitations

References

🚀Star Trend

About

Releases

Packages

Languages

timwhitez/Doge-MemX

Folders and files

Latest commit

History

Repository files navigation

Doge-MemX

Usage

Limitations

References

🚀Star Trend

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages