EgeBalci / Amber

Licence: mit
Reflective PE packer.

Programming Languages

go
31211 projects - #10 most used programming language
assembly
5116 projects
shellcode
44 projects

Projects that are alternatives of or similar to Amber

Runpe In Memory
Run an EXE file (PE module) in memory (like an application loader)
Stars: ✭ 249 (-58.08%)
Mutual labels:  packer, pe
HatVenom
HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.
Stars: ✭ 84 (-85.86%)
Mutual labels:  pe, payload
pakkero
Pakkero is a binary packer written in Go made for fun and educational purposes. Its main goal is to take as input a program file (ELF binary, script, even AppImage) and compress it, protecting it from tampering and intrusion.
Stars: ✭ 143 (-75.93%)
Mutual labels:  packer, payload
Cloak
Cloak can backdoor any python script with some tricks.
Stars: ✭ 411 (-30.81%)
Mutual labels:  payload
Bearparser
Portable Executable parsing library (from PE-bear)
Stars: ✭ 415 (-30.13%)
Mutual labels:  pe
Swiftmockgeneratorforxcode
An Xcode extension (plugin) to generate Swift test doubles automatically.
Stars: ✭ 522 (-12.12%)
Mutual labels:  stub
Rop Tool
A tool to help you write binary exploits
Stars: ✭ 590 (-0.67%)
Mutual labels:  pe
.net Obfuscator
Lists of .NET Obfuscators (Free, Trial, Paid and Open Source)
Stars: ✭ 392 (-34.01%)
Mutual labels:  packer
Juicebox
A virtual machine designed for programming workshops.
Stars: ✭ 533 (-10.27%)
Mutual labels:  packer
Packer Templates
Packer templates for Vagrant base boxes
Stars: ✭ 471 (-20.71%)
Mutual labels:  packer
Chimera
Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Stars: ✭ 463 (-22.05%)
Mutual labels:  payload
Ehtools
Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.
Stars: ✭ 422 (-28.96%)
Mutual labels:  payload
Ohhttpstubs
Stub your network requests easily! Test your apps with fake network data and custom response time, response code and headers!
Stars: ✭ 4,831 (+713.3%)
Mutual labels:  stub
Torat
ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication
Stars: ✭ 415 (-30.13%)
Mutual labels:  payload
Payloadsallthethings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+5440.24%)
Mutual labels:  payload
Backdoorppt
Transform your payload.exe into a fake Word doc (.ppt)
Stars: ✭ 397 (-33.16%)
Mutual labels:  payload
Packer Builder Vsphere
Packer plugin for remote builds on VMware vSphere
Stars: ✭ 531 (-10.61%)
Mutual labels:  packer
Packer.nvim
A use-package inspired plugin manager for Neovim. Uses native packages, supports Luarocks dependencies, written in Lua, allows for expressive config
Stars: ✭ 418 (-29.63%)
Mutual labels:  packer
Dissection
The dissection of a simple "hello world" ELF binary.
Stars: ✭ 427 (-28.11%)
Mutual labels:  pe
Packer Boxes
Jeff Geerling's Packer build configurations for Vagrant boxes.
Stars: ✭ 495 (-16.67%)
Mutual labels:  packer


Introduction

Amber is a position-independent (reflective) PE loader that enables in-memory execution of native PE files (EXE, DLL, SYS, ...). It enables stealthy in-memory payload deployment that can be used to bypass anti-virus, firewall, IDS and IPS products, and application white-listing mitigations. Reflective payloads generated by Amber can either be staged from a remote server or executed directly in memory, much like generic shellcode. By default, every generated payload is encoded using the new-generation SGN encoder. Amber uses CRC32_API and IAT_API to resolve Windows API function addresses inconspicuously. After the PE file is loaded and executed in memory, the reflective payload is erased to evade memory scanners.

Developed By Ege Balcı @PRODAFT.

Installation

Pre-compiled binaries can be found under releases.

Building From Source

The only dependency for building from source is the keystone engine; follow the keystone project's instructions for installing the library. Once libkeystone is installed on the system, simply go get it ツ

go get github.com/EgeBalci/amber

Docker Install

docker pull egee/amber
docker run -it egee/amber

Usage

The following table lists the switches supported by amber.

Switch            Type    Description
-b, --build       bool    Build EXE stub that executes the generated reflective payload
-e                int     Number of times to encode the generated reflective payload
-f, --file        string  Input PE file.
-iat              bool    Use IAT API resolver block instead of CRC API resolver block
-ignore-checks    bool    Ignore integrity check errors.
-max              int     Maximum number of bytes for obfuscation (default 5)
-s, --stub        string  Use custom stub file for executing the generated reflective payload (currently very unstable)

Example Usage

  • Generate reflective payload:
    amber -f test.exe
  • Generate reflective payload and build EXE stub for executing it:
    amber -build -f test.exe

Docker Usage

docker run -it -v /tmp/:/tmp/ amber -f /tmp/file.exe

Demo
