You are currently viewing EarlyBird

A poc of using the tech with syscalls on powershell.exe.
Injection of cobalt strike shellcode to powershell.exe using the EarlyBird Tech.


  1. Select a profile picture of choice.
  2. Generate a x64 https shellcode (in C format).
  3. Paste the code in encoder.py and execute it using Python2
  4. Copy and paste the output in https://github.com/ORCA666/EarlyBird/blob/c6be7c912cdaad15b358c44b734c4118e70cb2dd/APC-Injection_updated/main.c#L157
  5. If the key was changed, change it in main.cpp as well.


The intended use for the tool is strictly educational and should not be used for any other purpose.

Download Link: https://github.com/ORCA666/EarlyBird

Leave a Reply