{"id":13791037,"url":"https://github.com/ntraiseharderror/kaiser","last_synced_at":"2025-05-12T09:33:53.971Z","repository":{"id":49810967,"uuid":"150523464","full_name":"NtRaiseHardError/Kaiser","owner":"NtRaiseHardError","description":"Fileless persistence, attacks and anti-forensic capabilities.","archived":false,"fork":false,"pushed_at":"2018-12-06T08:36:07.000Z","size":2308,"stargazers_count":86,"open_issues_count":0,"forks_count":33,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-11-18T05:38:38.311Z","etag":null,"topics":["anti-forensics","file-less","forensics","malware-research","persistence","powershell","security","winapi","wmi"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NtRaiseHardError.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-27T03:27:07.000Z","updated_at":"2024-11-11T09:07:14.000Z","dependencies_parsed_at":"2022-09-03T19:51:38.124Z","dependency_job_id":null,"html_url":"https://github.com/NtRaiseHardError/Kaiser","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NtRaiseHardError%2FKaiser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NtRaiseHardError%2FKaiser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NtRaiseHardError%2FKaiser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NtRaiseHardError%2FKaiser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NtRaiseHardError","download_url":"https://codeload.github.com/NtRaiseHardError/Kaiser/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253709499,"owners_count":21951163,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anti-forensics","file-less","forensics","malware-research","persistence","powershell","security","winapi","wmi"],"created_at":"2024-08-03T22:00:54.643Z","updated_at":"2025-05-12T09:33:53.079Z","avatar_url":"https://github.com/NtRaiseHardError.png","language":"C","readme":"# Kaiser\nFile-less persistence, attacks and anti-forensic capabilities (Windows 7 32-bit).\n\n**NOTE**: This project was **NOT** designed to evade AV detection.\n\nRelated paper: https://github.com/NtRaiseHardError/NtRaiseHardError.github.io/blob/master/_posts/2018-12-06-Anti-forensic-Malware-and-File-less-Malware.md\n\n**This project is discontinued.**\n\n## How to Build/Use:\n\n1. Compile _Kaiser.dll_ in Release mode\n2. Upload _Kaiser.dll_ such that it can be directly downloaded as a raw binary\n3. Update the _BuildKaiser.ps1_ script to include the URL for _Kaiser.dll_\n4. Run _BuildKaiser.ps1_ to build the _Payload.ps1_ script\n5. Upload the _Payload.ps1_ script such that it can be directly downloaded as raw text\n6. Update the _BuildKaiser.ps1_ script to include the URL of _Payload.ps1_\n7. Run _BuildKaiser.ps1_ to build the _Installer.ps1_ script\n8. Run the _Installer.ps1_ script with administrative privileges on the target machine\n\n## Known bugs:\n\n* Threaded `XxxNetSend` sends will buffer (reason unknown)\n* `PurgeXxx` functions are not guaranteed to work (perhaps this is because it uses `ShellExecuteEx`)\n* More?\n\n## TODO\n\n* `CommandPrintStatus` to print the status of Kaiser?\n* Convert functions in `firewall.c` to WinAPI\n* [OPTIONAL] Make C2 connection loop until established\n* Convert functions in `registry.c` to WinAPI\n* Send debugging warnings/errors back to C2\n* Make `PurgeProcessMonitor` asynchronous (`IWbemServices::ExecNotificationQueryAsync`)\n","funding_links":[],"categories":["Tools","Anti-forensics"],"sub_categories":["Hiding process"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fntraiseharderror%2Fkaiser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fntraiseharderror%2Fkaiser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fntraiseharderror%2Fkaiser/lists"}