├── AntiDebugNOPACKAGE
    ├── AntiDebug.go
    └── readme.md
├── AntiDebugPackage
    ├── GoDefenderLogo.png
    ├── README.md
    └── main.go
├── BatchfileDeobfuscator
    ├── image-1.png
    ├── image.png
    ├── main.go
    └── readme.md
├── CreateDLL
    ├── CreateDLL.go
    └── README.md
├── EDR-XDR-AV-Killer
    ├── README.md
    ├── Terminator.sys
    ├── go.mod
    ├── go.sum
    └── main.go
├── ETWBypass
    └── main.go
├── Early_Bird_APC_Injection
    └── Early_Bird_APC_Injection.go
├── GoDLLInjector
    └── Injector.go
├── GoObfuscator
    ├── GoFuscator.go
    └── readme.md
├── GoRedOps.png
├── Keylogger
    ├── main.go
    └── readme.md
├── LICENSE
├── Lifetime-AMSI-ETW-Bypass
    └── main.go
├── LifetimeAMSIBypass
    ├── main.go
    └── readme.md
├── Local_Mapping_Injection
    └── Local_Mapping_Injection.go
├── Local_Payload_Execution
    └── Local_Payload_Execution.go
├── PEParser
    ├── main.go
    └── readme.md
├── ParentPIDSpoofing
    ├── main.go
    └── readme.md
├── Payload_Execution_Fibers
    ├── Payload_Execution_Fibers.go
    └── payload_exec_fibers.c
├── Payload_Placement
    ├── Payload_Placement.go
    └── Payload_Placement_Wrapper.c
├── Process_Injection_Shellcode
    ├── ProcInjMapper.c
    ├── ProcInjMapper.h
    ├── Process_Injection_Shellcode.go
    └── build.bat
├── ProtectProcess
    ├── ProtectProcess.go
    └── readme.md
├── README.md
├── Registry_Shellcode
    ├── Reg_Wrapper.c
    ├── Registry_Shellcode.go
    └── build.bat
├── Remote_Function_Stomping_Injection
    ├── RemoteFuncMapper.c
    ├── RemoteFuncMapper.h
    ├── Remote_Function_Stomping_Injection.go
    └── build.bat
├── Remote_Mapping_Injection
    ├── Remote_Mapper.c
    └── Remote_Mapping_Injection.go
├── Remote_Thread_Hijacking
    ├── Remote_Thread_Hijacking.go
    └── remote_thread_hijacking.c
├── RunPE
    ├── main.go
    └── pkg
    │   └── runpe.go
├── Threadless_Injection
    ├── Threadless_Injection.go
    ├── build.bat
    ├── threadless_injection_wrapper.c
    ├── threadless_injection_wrapper.def
    └── threadless_injection_wrapper.h
├── crypto
    ├── aes.go
    ├── chacha20.go
    ├── rc4.go
    └── xor.go
├── injection_native_apc
    └── main.go
├── injection_thread
    ├── createThread
    │   └── main.go
    └── ntCreateThreadEx
    │   └── main.go
├── instrumentation_callback
    └── main.go
├── misc
    └── convert_to_golang_shellcode_format.sh
├── network
    ├── http
    │   ├── client.go
    │   └── server.go
    ├── pipes
    │   ├── client.go
    │   └── sever.go
    └── tcp
    │   ├── client.go
    │   └── server.go
├── process_dump
    └── process_dump.go
├── sandbox
    └── fingerprint.go
├── self_remove
    └── self_remove.go
├── srdi
    └── srdi.go
├── token
    ├── impersonate.go
    └── list.go
└── wmi
    └── wmi.go

/AntiDebugNOPACKAGE/AntiDebug.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/AntiDebugNOPACKAGE/AntiDebug.go
--------------------------------------------------------------------------------
/AntiDebugNOPACKAGE/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/AntiDebugNOPACKAGE/readme.md
--------------------------------------------------------------------------------
/AntiDebugPackage/GoDefenderLogo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/AntiDebugPackage/GoDefenderLogo.png
--------------------------------------------------------------------------------
/AntiDebugPackage/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/AntiDebugPackage/README.md
--------------------------------------------------------------------------------
/AntiDebugPackage/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/AntiDebugPackage/main.go
--------------------------------------------------------------------------------
/BatchfileDeobfuscator/image-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/BatchfileDeobfuscator/image-1.png
--------------------------------------------------------------------------------
/BatchfileDeobfuscator/image.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/BatchfileDeobfuscator/image.png
--------------------------------------------------------------------------------
/BatchfileDeobfuscator/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/BatchfileDeobfuscator/main.go
--------------------------------------------------------------------------------
/BatchfileDeobfuscator/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/BatchfileDeobfuscator/readme.md
--------------------------------------------------------------------------------
/CreateDLL/CreateDLL.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/CreateDLL/CreateDLL.go
--------------------------------------------------------------------------------
/CreateDLL/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/CreateDLL/README.md
--------------------------------------------------------------------------------
/EDR-XDR-AV-Killer/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/EDR-XDR-AV-Killer/README.md
--------------------------------------------------------------------------------
/EDR-XDR-AV-Killer/Terminator.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/EDR-XDR-AV-Killer/Terminator.sys
--------------------------------------------------------------------------------
/EDR-XDR-AV-Killer/go.mod:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/EDR-XDR-AV-Killer/go.mod
--------------------------------------------------------------------------------
/EDR-XDR-AV-Killer/go.sum:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/EDR-XDR-AV-Killer/go.sum
--------------------------------------------------------------------------------
/EDR-XDR-AV-Killer/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/EDR-XDR-AV-Killer/main.go
--------------------------------------------------------------------------------
/ETWBypass/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/ETWBypass/main.go
--------------------------------------------------------------------------------
/Early_Bird_APC_Injection/Early_Bird_APC_Injection.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Early_Bird_APC_Injection/Early_Bird_APC_Injection.go
--------------------------------------------------------------------------------
/GoDLLInjector/Injector.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/GoDLLInjector/Injector.go
--------------------------------------------------------------------------------
/GoObfuscator/GoFuscator.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/GoObfuscator/GoFuscator.go
--------------------------------------------------------------------------------
/GoObfuscator/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/GoObfuscator/readme.md
--------------------------------------------------------------------------------
/GoRedOps.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/GoRedOps.png
--------------------------------------------------------------------------------
/Keylogger/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Keylogger/main.go
--------------------------------------------------------------------------------
/Keylogger/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Keylogger/readme.md
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/LICENSE
--------------------------------------------------------------------------------
/Lifetime-AMSI-ETW-Bypass/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Lifetime-AMSI-ETW-Bypass/main.go
--------------------------------------------------------------------------------
/LifetimeAMSIBypass/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/LifetimeAMSIBypass/main.go
--------------------------------------------------------------------------------
/LifetimeAMSIBypass/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/LifetimeAMSIBypass/readme.md
--------------------------------------------------------------------------------
/Local_Mapping_Injection/Local_Mapping_Injection.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Local_Mapping_Injection/Local_Mapping_Injection.go
--------------------------------------------------------------------------------
/Local_Payload_Execution/Local_Payload_Execution.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Local_Payload_Execution/Local_Payload_Execution.go
--------------------------------------------------------------------------------
/PEParser/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/PEParser/main.go
--------------------------------------------------------------------------------
/PEParser/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/PEParser/readme.md
--------------------------------------------------------------------------------
/ParentPIDSpoofing/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/ParentPIDSpoofing/main.go
--------------------------------------------------------------------------------
/ParentPIDSpoofing/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/ParentPIDSpoofing/readme.md
--------------------------------------------------------------------------------
/Payload_Execution_Fibers/Payload_Execution_Fibers.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Payload_Execution_Fibers/Payload_Execution_Fibers.go
--------------------------------------------------------------------------------
/Payload_Execution_Fibers/payload_exec_fibers.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Payload_Execution_Fibers/payload_exec_fibers.c
--------------------------------------------------------------------------------
/Payload_Placement/Payload_Placement.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Payload_Placement/Payload_Placement.go
--------------------------------------------------------------------------------
/Payload_Placement/Payload_Placement_Wrapper.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Payload_Placement/Payload_Placement_Wrapper.c
--------------------------------------------------------------------------------
/Process_Injection_Shellcode/ProcInjMapper.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Process_Injection_Shellcode/ProcInjMapper.c
--------------------------------------------------------------------------------
/Process_Injection_Shellcode/ProcInjMapper.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Process_Injection_Shellcode/ProcInjMapper.h
--------------------------------------------------------------------------------
/Process_Injection_Shellcode/Process_Injection_Shellcode.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Process_Injection_Shellcode/Process_Injection_Shellcode.go
--------------------------------------------------------------------------------
/Process_Injection_Shellcode/build.bat:
--------------------------------------------------------------------------------
@echo off
go build -o ProcInj.exe
exit
--------------------------------------------------------------------------------
/ProtectProcess/ProtectProcess.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/ProtectProcess/ProtectProcess.go
--------------------------------------------------------------------------------
/ProtectProcess/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/ProtectProcess/readme.md
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/README.md
--------------------------------------------------------------------------------
/Registry_Shellcode/Reg_Wrapper.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Registry_Shellcode/Reg_Wrapper.c
--------------------------------------------------------------------------------
/Registry_Shellcode/Registry_Shellcode.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Registry_Shellcode/Registry_Shellcode.go
--------------------------------------------------------------------------------
/Registry_Shellcode/build.bat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Registry_Shellcode/build.bat
--------------------------------------------------------------------------------
/Remote_Function_Stomping_Injection/RemoteFuncMapper.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Remote_Function_Stomping_Injection/RemoteFuncMapper.c
--------------------------------------------------------------------------------
/Remote_Function_Stomping_Injection/RemoteFuncMapper.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Remote_Function_Stomping_Injection/RemoteFuncMapper.h
--------------------------------------------------------------------------------
/Remote_Function_Stomping_Injection/Remote_Function_Stomping_Injection.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Remote_Function_Stomping_Injection/Remote_Function_Stomping_Injection.go
--------------------------------------------------------------------------------
/Remote_Function_Stomping_Injection/build.bat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Remote_Function_Stomping_Injection/build.bat
--------------------------------------------------------------------------------
/Remote_Mapping_Injection/Remote_Mapper.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Remote_Mapping_Injection/Remote_Mapper.c
--------------------------------------------------------------------------------
/Remote_Mapping_Injection/Remote_Mapping_Injection.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Remote_Mapping_Injection/Remote_Mapping_Injection.go
--------------------------------------------------------------------------------
/Remote_Thread_Hijacking/Remote_Thread_Hijacking.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Remote_Thread_Hijacking/Remote_Thread_Hijacking.go
--------------------------------------------------------------------------------
/Remote_Thread_Hijacking/remote_thread_hijacking.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Remote_Thread_Hijacking/remote_thread_hijacking.c
--------------------------------------------------------------------------------
/RunPE/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/RunPE/main.go
--------------------------------------------------------------------------------
/RunPE/pkg/runpe.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/RunPE/pkg/runpe.go
--------------------------------------------------------------------------------
/Threadless_Injection/Threadless_Injection.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Threadless_Injection/Threadless_Injection.go
--------------------------------------------------------------------------------
/Threadless_Injection/build.bat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Threadless_Injection/build.bat
--------------------------------------------------------------------------------
/Threadless_Injection/threadless_injection_wrapper.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Threadless_Injection/threadless_injection_wrapper.c
--------------------------------------------------------------------------------
/Threadless_Injection/threadless_injection_wrapper.def:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Threadless_Injection/threadless_injection_wrapper.def
--------------------------------------------------------------------------------
/Threadless_Injection/threadless_injection_wrapper.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/Threadless_Injection/threadless_injection_wrapper.h
--------------------------------------------------------------------------------
/crypto/aes.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/crypto/aes.go
--------------------------------------------------------------------------------
/crypto/chacha20.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/crypto/chacha20.go
--------------------------------------------------------------------------------
/crypto/rc4.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/crypto/rc4.go
--------------------------------------------------------------------------------
/crypto/xor.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/crypto/xor.go
--------------------------------------------------------------------------------
/injection_native_apc/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/injection_native_apc/main.go
--------------------------------------------------------------------------------
/injection_thread/createThread/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/injection_thread/createThread/main.go
--------------------------------------------------------------------------------
/injection_thread/ntCreateThreadEx/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/injection_thread/ntCreateThreadEx/main.go
--------------------------------------------------------------------------------
/instrumentation_callback/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/instrumentation_callback/main.go
--------------------------------------------------------------------------------
/misc/convert_to_golang_shellcode_format.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/misc/convert_to_golang_shellcode_format.sh
--------------------------------------------------------------------------------
/network/http/client.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/network/http/client.go
--------------------------------------------------------------------------------
/network/http/server.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/network/http/server.go
--------------------------------------------------------------------------------
/network/pipes/client.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/network/pipes/client.go
--------------------------------------------------------------------------------
/network/pipes/sever.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/network/pipes/sever.go
--------------------------------------------------------------------------------
/network/tcp/client.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/network/tcp/client.go
--------------------------------------------------------------------------------
/network/tcp/server.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/network/tcp/server.go
--------------------------------------------------------------------------------
/process_dump/process_dump.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/process_dump/process_dump.go
--------------------------------------------------------------------------------
/sandbox/fingerprint.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/sandbox/fingerprint.go
--------------------------------------------------------------------------------
/self_remove/self_remove.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/self_remove/self_remove.go
--------------------------------------------------------------------------------
/srdi/srdi.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/srdi/srdi.go
--------------------------------------------------------------------------------
/token/impersonate.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/token/impersonate.go
--------------------------------------------------------------------------------
/token/list.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/token/list.go
--------------------------------------------------------------------------------
/wmi/wmi.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/EvilBytecode/GoRedOps/HEAD/wmi/wmi.go
--------------------------------------------------------------------------------