Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/pureqh/bypassAV
免杀shellcode加载器
https://github.com/pureqh/bypassAV
Last synced: 3 months ago
JSON representation
免杀shellcode加载器
- Host: GitHub
- URL: https://github.com/pureqh/bypassAV
- Owner: pureqh
- Created: 2021-02-25T05:26:11.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-05-18T05:03:03.000Z (over 3 years ago)
- Last Synced: 2024-06-21T18:53:29.877Z (5 months ago)
- Language: Python
- Homepage:
- Size: 12.7 KB
- Stars: 444
- Watchers: 6
- Forks: 99
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - pureqh/bypassAV - 免杀shellcode加载器 (Python)
README
# bypassAV
条件触发式远控 VT 5/70 免杀国内杀软及defender、卡巴斯基等主流杀软
## 原理
https://pureqh.top/?p=5412
## use
1. 将shellcode填至go_shellcode_encode.py生成混淆后的base64 payload
2. 然后将生成的payload填至main.go build("b64shellcode")
3. 将main.go中的url替换为你vbs的某个网页或文本(局域网网页同样可以,但是需要程序可以正常使用时此网页需要可以访问)
4. 编译:go build -trimpath -ldflags="-w -s -H=windowsgui"
## 更新日志 2021/4/22
鉴于可能被标记特征,更新了随机生成go脚本的生成器,另外更改了编译命令,可以在exe中去除部分编译机器的信息了
目前查杀率为5/70