PEzor

PEzor is an open-source shellcode and Portal Executable (PE) packer designed to convert Windows executables into obfuscated, in-memory payloads. It wraps tools like Mimikatz and Donut—a utility that transforms .NET assemblies and PE files into position-independent, self-contained shellcode capable of running entirely in memory without touching disk. PEzor supports userland hook removal, anti-debugging, raw syscalls, XOR encoding, and customizable memory protections such as RX-only sections or dynamically changing access levels. It can output Donut-compatible shellcode, meaning payloads that follow Donut's format for in-memory execution, and supports reflective DLLs, stand-alone executables, beacon BOFs, and .NET loaders. PEzor is also fully compatible with Sliver’s execute-assembly feature.

Donut-style Shellcode

./PEzor.sh -unhook -antidebug -fluctuate=NA -format=dotnet -sleep=5 mimikatz.exe -z 2 -b 1 -p '"privilege::debug" "token::elevate" "sekurlsa::ekeys" "exit"'