Amber
MIT๐ฅ Offensive Ops ยท Go
Amber is a reflective PE packer written in Go that converts standard Windows PE (Portable Executable) files into position-independent shellcode payloads. It uses a reflective loading technique to execute PE files entirely in memory without writing them to disk, bypassing many traditional antivirus and endpoint detection mechanisms that rely on file-based scanning. Red team operators and exploit developers use Amber to prepare payloads for advanced adversary simulations, converting compiled executables into shellcode that can be injected into running processes or delivered through custom loaders. The tool supports both 32-bit and 64-bit PE files and can add custom stubs for additional evasion, making it a key component in payload development pipelines for authorized offensive engagements.
Tags
Details
- Category
- ๐ฅ Offensive Ops
- Language
- Go
- Repository
- EgeBalci/amber
- License
- MIT
- Platforms
- ๐งlinux๐macos๐ชwindows
Links
Community Reviews
No reviews yet. Be the first to review Amber.
More in Offensive Ops
Mythic
GoCollaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.
Havoc
C/C++Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.
Rubeus
C#C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.
Certipy
PythonActive Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.
Coercer
PythonAutomatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.
SharpHound
C#Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.