Submit your favorite resources for free.

Recent
Pricing
Submit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

Email

The Ultimate Directory for Offensive Security

Resources

Recent
Category

Home
Items
donut

donut

Donut generates position-independent shellcode to load .NET Assemblies, PE files, VBScript, and other Windows payloads from memory.

Visit Website Share on X

image of donut

Introduction

Information

Publisher
Admin
Websitegithub.com
Created date03/31/2025
Published date03/31/2025

Categories

Reverse Engineering
Exploit Development

Tags

Internal

More Resources

Listing

Pricing
FAQ
Submit

Pages

Home
Support
Sitemap
llms.txt

Company

About Us
Privacy Policy
Terms of Service

Copyright © 2026 All Rights Reserved.

image of IronPE

Exploit DevelopmentInfrastructure SecurityRed Team Operations

IronPE

Rust-based Windows PE manual loader supporting x86/x64. Implements manual mapping, base relocations, and import resolution for memory-based execution.

image of Lab401

Wireless SecurityPhysical SecurityRed Team OperationsReverse Engineering

Lab401

Premier hardware store for offensive security, providing Flipper Zero, Proxmark, Hak5 tools, SDR equipment, and specialized RFID cloning hardware.

Wireless Physical Internal

image of KittySploit Framework

Exploit DevelopmentReconnaissance

KittySploit Framework

KittySploit is a modular exploitation framework featuring a web proxy and AI-powered analysis to help red teams automate recon and vulnerability research.

Donut is a PIC (position-independent code) generator that allows running .NET Assemblies, EXE, DLL, VBScript, JScript files in-memory. It produces shellcode that can be injected into an arbitrary process. Key features include:

Compression of input files with aPLib and LZNT1, Xpress, Xpress Huffman via RtlCompressBuffer.
Using entropy for API hashes and generation of strings.
128-bit symmetric encryption of files.
Overwriting native PE headers.
Storing native PEs in MEM_IMAGE memory.
Patching Antimalware Scan Interface (AMSI) and Windows Lockdown Policy (WLDP).
Patching Event Tracing for Windows (ETW).
Multiple output formats: C, Ruby, Python, PowerShell, Base64, C#, Hexadecimal, and UUID string.

Donut is useful for red teams wanting to execute code in memory, bypassing traditional AV/EDR solutions. It supports HTTP staging and encryption to further evade detection.

donut - HackDB