SecurityAnalysts01/ShellCodeBypass
ShellCodeBypass

Rust AV-evasion (免杀) experiments

BypassAv_demo1

Implemented as follows:

  • BypassAv_demo1: shellcode loaded from UUID strings
  • BypassAv_demo1_2: basic shellcode execution
  • BypassAv_demo1_3: static shellcode obfuscation/encryption + import table obfuscation + disabling Windows Event Tracing (ETW). AV engines flag the ETW-disabling code and the UUID loader fairly often, so it is best not to include them.

Bypasses 360 and Huorong.

VirusTotal: 3 detections; with ETW disabling added, 12 detections.
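As an added illustration of the encoding behind the UUID loader in BypassAv_demo1 (example code written for this page, not code from the ShellCodeBypass repository), the block below converts a byte buffer into UUID strings and back. The byte layout follows the Win32 UUID struct that RPC's UuidFromStringA writes into memory (Data1 as a little-endian u32, Data2 and Data3 as little-endian u16, Data4 as eight raw bytes), which is why the first bytes of each chunk appear reversed in the string. The function names, the 0x90 padding byte and the sample input (a counting pattern, not a payload) are my own assumptions; nothing here allocates executable memory or runs shellcode.

```rust
// Added example, not part of the ShellCodeBypass repository.
// Encodes bytes as UUID strings in the layout UuidFromStringA expects, and
// decodes them again. Sample input is a constructed byte pattern, not shellcode.

const CHUNK: usize = 16;
// Assumption: x86 NOP used as filler for the last partial chunk.
const PAD_BYTE: u8 = 0x90;

fn hex(bytes: &[u8]) -> String {
    bytes.iter().map(|b| format!("{:02x}", b)).collect()
}

/// Encode `data` as UUID strings, one per 16-byte chunk, padding the final
/// chunk with PAD_BYTE. Data1/Data2/Data3 are formatted from little-endian
/// integers so that UuidFromStringA reproduces the chunk byte-for-byte.
pub fn bytes_to_uuids(data: &[u8]) -> Vec<String> {
    let mut padded = data.to_vec();
    while padded.len() % CHUNK != 0 {
        padded.push(PAD_BYTE);
    }
    padded
        .chunks(CHUNK)
        .map(|c| {
            let d1 = u32::from_le_bytes([c[0], c[1], c[2], c[3]]);
            let d2 = u16::from_le_bytes([c[4], c[5]]);
            let d3 = u16::from_le_bytes([c[6], c[7]]);
            format!(
                "{:08x}-{:04x}-{:04x}-{}-{}",
                d1, d2, d3, hex(&c[8..10]), hex(&c[10..16])
            )
        })
        .collect()
}

/// Inverse of bytes_to_uuids: parse each "8-4-4-4-12" string into the 16 bytes
/// UuidFromStringA would write. Returns None on malformed input.
pub fn uuids_to_bytes(uuids: &[String]) -> Option<Vec<u8>> {
    let mut out = Vec::with_capacity(uuids.len() * CHUNK);
    for u in uuids {
        let parts: Vec<&str> = u.split('-').collect();
        if parts.len() != 5
            || parts[0].len() != 8
            || parts[1].len() != 4
            || parts[2].len() != 4
            || parts[3].len() != 4
            || parts[4].len() != 12
        {
            return None;
        }
        let d1 = u32::from_str_radix(parts[0], 16).ok()?;
        let d2 = u16::from_str_radix(parts[1], 16).ok()?;
        let d3 = u16::from_str_radix(parts[2], 16).ok()?;
        out.extend_from_slice(&d1.to_le_bytes());
        out.extend_from_slice(&d2.to_le_bytes());
        out.extend_from_slice(&d3.to_le_bytes());
        // Data4: the remaining 8 bytes are stored in string order.
        for field in [parts[3], parts[4]] {
            for i in (0..field.len()).step_by(2) {
                out.push(u8::from_str_radix(&field[i..i + 2], 16).ok()?);
            }
        }
    }
    Some(out)
}

/// Constructed sample input: 20 counting bytes (forces one padded chunk).
pub fn sample_bytes() -> Vec<u8> {
    (0u8..20).collect()
}

fn main() {
    let data = sample_bytes();
    let uuids = bytes_to_uuids(&data);
    for u in &uuids {
        println!("{}", u);
    }
    let back = uuids_to_bytes(&uuids).expect("well-formed UUID list");
    assert_eq!(&back[..data.len()], &data[..]);
    println!(
        "round-trip ok: {} UUID(s), {} padding byte(s)",
        uuids.len(),
        back.len() - data.len()
    );
}
```

The reversed-field layout is the thing to check when a loader fails to run after porting: a chunk such as `00 01 02 03 ...` must be emitted as `03020100-...`, not `00010203-...`. The same property is what makes UUID-encoded payloads easy to spot statically: a long array of fixed-width hex strings separated by dashes has a very recognisable shape regardless of the bytes inside, which is consistent with the note above that the loader itself is flagged.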

BypassAv_demo2

  • BypassAv_demo2: simple direct-syscall example, remote thread injection
  • BypassAv_demo2_1: direct syscalls + APC injection

Against Windows Defender, Kaspersky, 360 and Huorong the beacon checks in successfully at runtime, but subsequent CS (Cobalt Strike) commands are detected by Kaspersky because the CS payloads carry known signatures.

About

ShellcodeLoader (Rust AV-evasion experiments)

Languages

  • Rust 48.1%
  • C 25.9%
  • Assembly 23.8%
  • Python 2.2%