{"id":21450773,"url":"https://github.com/cyb3rv1c/phantom","last_synced_at":"2025-07-14T21:32:27.156Z","repository":{"id":263638984,"uuid":"867690194","full_name":"Cyb3rV1c/Phantom","owner":"Cyb3rV1c","description":"XOR-encrypted shellcode injector for memory-based execution in remote processes, with integrated anti-analysis techniques.","archived":false,"fork":false,"pushed_at":"2024-10-11T16:02:34.000Z","size":66,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-11-19T16:54:00.382Z","etag":null,"topics":["anti-analysis","anti-debugging","cybersecurity","edr-evasion","evasion-techniques","redteaming","shellcode","xor-encryption"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Cyb3rV1c.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-04T14:32:01.000Z","updated_at":"2024-10-11T16:02:38.000Z","dependencies_parsed_at":"2024-11-19T17:04:03.718Z","dependency_job_id":null,"html_url":"https://github.com/Cyb3rV1c/Phantom","commit_stats":null,"previous_names":["cyb3rv1c/phantom"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyb3rV1c%2FPhantom","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyb3rV1c%2FPhantom/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyb3rV1c%2FPhantom/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositorie
s/Cyb3rV1c%2FPhantom/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Cyb3rV1c","download_url":"https://codeload.github.com/Cyb3rV1c/Phantom/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225998798,"owners_count":17557473,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anti-analysis","anti-debugging","cybersecurity","edr-evasion","evasion-techniques","redteaming","shellcode","xor-encryption"],"created_at":"2024-11-23T04:16:22.524Z","updated_at":"2024-11-23T04:16:23.939Z","avatar_url":"https://github.com/Cyb3rV1c.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Phantom\nAn advanced tool for bypassing AV/EDR.\nThis project showcases a memory injection tool designed to deploy XOR-encrypted shellcode into remote processes.\nThe tool also incorporates multiple anti-analysis techniques, including virtual machine detection, debugger detection, and static analysis tools detection.\nThis tool can be used for advanced cybersecurity testing, allowing users to execute shellcode covertly in a controlled environment.\n\n\n\n\n# Features\n\n**[+] Obfuscation Techniques:** Employs XOR encryption to avoid signature-based detection.\n\n**[+] Memory Injection:** Allocates and manipulates memory for shellcode injection.\n\n**[+] Anti-Debugging/Anti-Sandboxing:** Validates the environment first to detect whether it is in a sandbox or whether debuggers/analysis tools are present.\n\n\n\n\n# Getting Started\n\n**Installation**\n\n\n1. 
Clone the repository:\n```\ngit clone https://github.com/Cyb3rV1c/Phantom\n```\n\n\n2. Build Release Xor_Encryptor.sln\n\n\n# Usage\n\n1. Add your .raw shellcode file in the same directory as the Xor_Encryptor Tool\n\n2. Execute the tool :\n\n```\n.\\Encryptor_xor.exe reverseshell.raw\n```\n3. Copy encrypted code from command prompt output \u0026 add it to phantom.sln\n\n4. Build Release Phantom Executable\n\n***Notice***: Make sure your shellcode has the same architecture as the environment you'll execute it in.\n\n# Example Output\n\n**Execution** \u0026 **Reverse Shell Confirmation**\n\n\n![Shellcode_Injected](https://github.com/user-attachments/assets/34738791-a780-4dd9-905c-763d72b76ed1)\n\n\n**Memory Dump**\n\n![In Memory](https://github.com/user-attachments/assets/dbfa3449-bce2-41d3-9196-9ea3cca788d6)\n\n\n# Technical Details\n\n**Virtual Machine Detection:**\nUtilizes GetSystemInfo() and GlobalMemoryStatusEx() to detect hardware characteristics, such as CPU cores and available RAM, which can help identify virtual environments.\n\n**Debugger Detection:**\nUses the Toolhelp API with CreateToolhelp32Snapshot(), Process32FirstW(), and Process32NextW() to scan for running processes and check for known debugger processes (like x64dbg, ida.exe, etc.).\n\n**Static Analysis Tools Detection:**\nSimilar to debugger detection, the Toolhelp API is also used to detect common analysis tools (e.g., ProcessHacker, PeStudio, ProcMon) by checking their process names.\n\n**Shellcode Injection:**\nRemote Process Injection via OpenProcess(), VirtualAllocEx(), WriteProcessMemory(), and CreateRemoteThread() to inject and execute XOR-encrypted shellcode into a remote process.\n\n**XOR Encryption/Decryption:**\nA simple XOR-based decryption routine is used to deobfuscate the shellcode before injection, providing a layer of evasion from static analysis.\n\n**Shellcode Encryption:**\n**Separate Tool:** A dedicated tool is provided for XOR encryption of shellcode to obfuscate it before 
integrating the shellcode in Phantom Tool.\n\n\n\n\n\n\n\n\n# Disclaimer\n**This project is intended for educational and research purposes only.**\n\nThe code provided in this repository is designed to help individuals understand and improve their knowledge of cybersecurity, ethical hacking, and malware analysis techniques. It must not be used for malicious purposes or in any environment where you do not have explicit permission from the owner.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyb3rv1c%2Fphantom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyb3rv1c%2Fphantom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyb3rv1c%2Fphantom/lists"}