BypassAvStudy Save Abandoned

rust 免杀记录学习

Project README

BypassAvStudy

rust 免杀记录学习

BypassAv_demo1

实现如下

BypassAv_demo1: uuid加载shellcode
BypassAv_demo1_2：基础shellcode 执行
BypassAv_demo1_3： shellcode静态混淆加密 + 导入表混淆 + 禁用 Windows 事件跟踪，ETW禁用杀软和uuid加载器检测的比较频繁，最好不加

过360 火绒

vt检测出来了3个，加ETW禁用vt检测12个。。

BypassAv_demo2

BypassAv_demo2：简单syscall示例，远程线程注入
BypassAv_demo2_1: syscall + apc注入

windows defender，卡巴，360，火绒运行时能成功上线，但后续的cs指令由于cs带有特征所以卡巴会检测出来。成功上线

Open Source Agenda is not affiliated with "BypassAvStudy" Project. README Source: haoami/BypassAvStudy

Stars

Open Issues

Last Commit

5 months ago

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/bypassavstudy"><img src="https://www.opensourceagenda.com/projects/bypassavstudy/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022