May 23, 2022

A PoC of the EarlyBird technique implemented with syscalls against powershell.exe.
It injects Cobalt Strike shellcode into powershell.exe using the EarlyBird technique.


  1. Select a profile picture of choice.
  2. Generate an x64 HTTPS shellcode (in C format).
  3. Paste the code in and execute it using Python2
  4. Copy and paste the output in
  5. If the key was changed, change it in main.cpp as well.


This tool is intended strictly for educational use and should not be used for any other purpose.

