haoami/BypassAvStudy
BypassAvStudy

Study notes on AV evasion in Rust

BypassAv_demo1

Implemented as follows:

  • BypassAv_demo1: loading shellcode via UUID strings
  • BypassAv_demo1_2: basic shellcode execution
  • BypassAv_demo1_3: static obfuscation and encryption of the shellcode + import table obfuscation + disabling Windows Event Tracing (ETW). AV products detect ETW disabling and UUID loaders fairly often, so it is better to leave them out.

Evades 360 and Huorong.

VirusTotal flagged it with 3 detections; with ETW disabling added, VirusTotal detections rose to 12.

BypassAv_demo2

  • BypassAv_demo2: simple syscall example, remote thread injection
  • BypassAv_demo2_1: syscall + APC injection

Under Windows Defender, Kaspersky, 360 and Huorong the implant checks in successfully at runtime, but subsequent CS (Cobalt Strike) commands are detected by Kaspersky because CS traffic carries known signatures.
