{"id":13813235,"url":"https://github.com/midisec/BypassAnti-Virus","last_synced_at":"2025-05-14T22:32:17.298Z","repository":{"id":37478272,"uuid":"460823945","full_name":"midisec/BypassAnti-Virus","owner":"midisec","description":"Learning, recording, and reproducing AV-evasion techniques.","archived":false,"fork":false,"pushed_at":"2022-07-10T10:34:43.000Z","size":1068,"stargazers_count":802,"open_issues_count":1,"forks_count":148,"subscribers_count":21,"default_branch":"main","last_synced_at":"2024-11-19T07:41:26.258Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/midisec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-02-18T11:20:58.000Z","updated_at":"2024-10-04T09:18:52.000Z","dependencies_parsed_at":"2022-07-12T16:18:37.057Z","dependency_job_id":null,"html_url":"https://github.com/midisec/BypassAnti-Virus","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/midisec%2FBypassAnti-Virus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/midisec%2FBypassAnti-Virus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/midisec%2FBypassAnti-Virus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/midisec%2FBypassAnti-Virus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/midisec","download_url":"https://codeload.github.com/midisec/BypassAnti-Virus/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":2
54239938,"owners_count":22037797,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T04:01:08.630Z","updated_at":"2025-05-14T22:32:12.274Z","avatar_url":"https://github.com/midisec.png","language":"C++","funding_links":[],"categories":["Antivirus Evasion, Reverse Engineering","C++"],"sub_categories":["Network Services_Other"],"readme":"# Bypass Anti-Virus\n\n**I'm a beginner myself and really like AV-evasion techniques. I worked out, studied, and reproduced several ways of bypassing antivirus software, and I'm sharing them here.**\n\n**Solemn declaration: the techniques, ideas, and tools covered here are for security-oriented study and exchange only. No one may use them for illegal purposes, for profit, or for similar ends; otherwise you bear the consequences yourself!**\n\n\n\n## Getting Started\n\nUse the table below to pick the evasion technique you are interested in.\n\n| No. | Evasion technique                                            | VT detection rate (avg) | Date       | Huorong | 360  | Tencent | Implementation |\n| ---- | ------------------------------------------------------------ | ------------- | ---------- | ---- | ---- | ---- | -------- |\n| 1    | [Callback functions (and improvements)](https://github.com/midisec/BypassAnti-Virus/tree/main/callback) | 2/68          | 2022-02-18 | √    | √    | √    | c++      |\n| 2    | [Hiding the import table](https://github.com/midisec/BypassAnti-Virus/tree/main/hide_Import_tables) | 8/68          | 2022-07-10 | √    | √    | √    | c++      |\n| 3    |                                                              |               |            |      |      |      |          |\n\n\n\n\n\n## Updates\n\n2022-02-18\n\n* Load malicious shellcode via [callback functions](https://github.com/midisec/BypassAnti-Virus/tree/main/callback) (c++)\n* Added the UUID method: load shellcode via callback functions (c++)\n* Added the BASE64 encoding + UUID method: load shellcode via callback functions (c++)\n\n2022-02-21\n\n* Added the [IPV6 method](https://github.com/midisec/BypassAnti-Virus/tree/main/callback/v0.3): load shellcode via callback functions (c++)\n* 
Added the [MAC method](https://github.com/midisec/BypassAnti-Virus/tree/main/callback/v0.4): load shellcode via callback functions (c++)\n\n2022-03-07\n* Added the [IPV4 method](https://github.com/midisec/BypassAnti-Virus/tree/main/callback/v0.5): load shellcode via callback functions (c++)\n\n2022-03-08\n\n* Added 13 [usable callback functions](https://github.com/midisec/BypassAnti-Virus/tree/main/callback#%E5%8F%AF%E5%88%A9%E7%94%A8%E7%9A%84%E5%9B%9E%E8%B0%83%E5%87%BD%E6%95%B0) for loading shellcode (c++)\n\n2022-07-10\n\n* Bypass static detection of some sensitive function calls by [hiding the import table](https://github.com/midisec/BypassAnti-Virus/tree/main/hide_Import_tables) (c++)\n\n\n\n## Contributors\n\n\u003ca href=\"https://github.com/midisec/BypassAnti-Virus/graphs/contributors\"\u003e\u003cimg src=\"./images/contributors.svg\" /\u003e\u003c/a\u003e\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmidisec%2FBypassAnti-Virus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmidisec%2FBypassAnti-Virus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmidisec%2FBypassAnti-Virus/lists"}