-
×代表无法免杀
-
√代表可以免杀
序号 | 项目地址 | 项目简介 | Microsoft Defender | 火绒 | 360安全卫士 | 卡巴斯基 | 时间 | 备注 |
---|---|---|---|---|---|---|---|---|
1 | https://github.com/Pizz33/JoJoLoader | 助力红队成员一键生成免杀木马,使用rust实现 (by_hyyrent) | × | √ | × | √ | 0708测试 | |
2 | https://github.com/Joe1sn/S-inject | DLL+Shellcode的Windows注入免杀工具 | 罗列各种方法,免杀推荐搭配其他技巧,要灵活使用 | |||||
3 | https://github.com/T4y1oR/RingQ | 一键免杀上线CS、fscan、mimikatz ... | × | √ | √ | × | 0709测试 | create.exe未开源 |
4 | https://github.com/HackerCalico/No_X_Memory_ShellCode_Loader | 无可执行权限加载 ShellCode | 并非直接生成免杀马 | |||||
5 | https://github.com/Cherno-x/dataBrawl | 一键生成免杀木马的 shellcode 免杀框架 | 大型活动期间暂停维护,已删除核心template | |||||
6 | https://github.com/A-little-dragon/GoBypassAV | Go语言编写的免杀工具,支持自动化随机加解密 | × | × | 0416issue | 未开源;执行命令时出错: exit status 1 | ||
7 | https://github.com/Cipher7/ApexLdr | 纯C代码开发的DLL载荷加载器 | 开源、makefile |
工具简称 | 概述 | 工具来源 | 下载路径 |
---|---|---|---|
x64dbg 中文版安装程序(Jan 6 2024).exe | 52pojie | ||
hellshell | 官方的加密或混淆shellcode | github | https://gitlab.com/ORCA000/hellshell/-/releases |
hellshell-网络版本 | github | https://github.com/SenSecurity/Hellshell-with-more-fuctionality | |
Dependencies.AheadLib.Plugin | 在dependencies上额外加了导出函数 | 看雪 | https://bbs.kanxue.com/thread-260874.htm |
Dependencies | github | https://github.com/lucasg/Dependencies | |
ChangeTimestamp.exe | 更改时间戳 | ||
sgn_windows_amd64_2.0.1 | 对二进制文件编码免杀shellcode | github | https://github.com/EgeBalci/sgn |
Resource Hacker | |||
BeaconEye_x64 | 通过扫描CobaltStrike中的内存特征,并进行Beacon Config扫描解析出对应的Beacon信息 | github | https://github.com/CCob/BeaconEye/releases |
Hunt-Sleeping-Beacons | github | https://github.com/thefLink/Hunt-Sleeping-Beacons | |
yara-master-2298-win64 | 分类恶意软件样本的工具 | github | https://github.com/VirusTotal/yara |
Windows_Trojan_CobaltStrike.yar | Elastic安全公司开源检测CobaltStrike的yara规则 | github | https://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_CobaltStrike.yar |
hollows_hunter64 | github | https://github.com/hasherezade/hollows_hunter | |
arsenal_kit | telegram | ||
DLLSpy | 检测正在运行的进程、服务及其二进制文件中的 DLL 劫持 | github | |
Process Hacker 2 | 查看进程 | ||
Alcatraz | 没下载, x64 二进制混淆器,能够混淆各种不同的 pe 文件 | github | https://github.com/weak1337/Alcatraz |
pestudio-9.58 | 查看文件熵值等信息,逆向等可用 | 官网下载 | https://www.winitor.com/download2 |
https://junkcode.gehaxelt.in/ | 垃圾代码生成器,降低熵值 | github | https://github.com/gehaxelt/PHP-C---JunkCodeGenerator |
sgn_windows_amd64_2.0.1 | 编码shellcode | github | |
ChangeTimestamp.exe | 改时间 | ||
SigThief | 把签名撕取下来 | github | https://github.com/secretsquirrel/SigThief |
Restorator2018 | 伪造图标 | https://www.sqlsec.com/tools.html | https://www.sqlsec.com/tools.html |
BeCyIconGrabber.exe | 伪造图标 | https://www.sqlsec.com/tools.html | https://www.sqlsec.com/tools.html |
SourcePoint | 自生成Malleable C2 profile | github | https://github.com/Tylous/SourcePoint |
S-inject | DLL+Shellcode的Windows注入免杀工具 | github | https://github.com/Joe1sn/S-inject |
RingQ | 免杀,exe2shellcode | github | https://github.com/T4y1oR/RingQ |
pe2shc.exe | pe_to_shellcode | github | https://github.com/hasherezade/pe_to_shellcode/ |
pengcode | exe转换成shellcode | github | https://github.com/Mephostophiles/PengCode |
SharpIncrease | 一种利用二进制填充来逃避 AV 的工具 | github | https://github.com/mertdas/SharpIncrease |
deoptimizer | 对shellcode进行反优化,rust | github | https://github.com/EgeBalci/deoptimizer |
DojoLoader | 用于快速原型逃避技术的通用 PE 加载器 | github | https://github.com/naksyn/DojoLoader |
FetchPayloadFromDummyFile | 使用偏移量数组构造有效载荷 | github | https://github.com/NUL0x4C/FetchPayloadFromDummyFile |