├── LICENSE
├── README.md
└── image
    ├── image_BC4zEd3GH-.png
    ├── image_GH2IDQzed2.png
    ├── image_KncPG_TKA3.png
    ├── image_S9fTxuwOda.png
    ├── image_Y8tOth-udM.png
    ├── image_nZZlAOWHcX.png
    ├── image_oTw1KRPK6k.png
    └── image_xCFIiy1SDJ.png


/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2023 MDSEC

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# 鱼饵-SingleSC 10.25: Sharing a Red Team AV-Evasion Loader

## Contents

- [Evasion results](#evasion-results)
- [Usage](#usage)

## Evasion results

Tested on 10.23 and 10.24: it gets past both 360 Core Crystal (360核晶) and Huorong (火绒).

Bypass of 360 Core Crystal

![](image/image_S9fTxuwOda.png)

Bypass of Huorong

![](image/image_KncPG_TKA3.png)

The payload is stored locally using the same shellcode encryption/decryption method as SlientSC, and is then executed through the WaitForSingleObject function to get past interception.

## Usage

First, generate shellcode in .C format in CS 4.9.

![](image/image_BC4zEd3GH-.png)

Copy out all of the shellcode and place it in the shellcode string in `encode.py`.

![](image/image_GH2IDQzed2.png)

Then generate the encrypted ciphertext and place it in the C++ code.

![](image/image_Y8tOth-udM.png)

![](image/image_oTw1KRPK6k.png)

![](image/image_xCFIiy1SDJ.png)

![](image/image_nZZlAOWHcX.png)

--------------------------------------------------------------------------------
/image/image_BC4zEd3GH-.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MD-SEC/SingleSC/5a1d958b23a1bdb691aba862f3fcad2d533a81a6/image/image_BC4zEd3GH-.png

--------------------------------------------------------------------------------
/image/image_GH2IDQzed2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MD-SEC/SingleSC/5a1d958b23a1bdb691aba862f3fcad2d533a81a6/image/image_GH2IDQzed2.png

--------------------------------------------------------------------------------
/image/image_KncPG_TKA3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MD-SEC/SingleSC/5a1d958b23a1bdb691aba862f3fcad2d533a81a6/image/image_KncPG_TKA3.png

--------------------------------------------------------------------------------
/image/image_S9fTxuwOda.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MD-SEC/SingleSC/5a1d958b23a1bdb691aba862f3fcad2d533a81a6/image/image_S9fTxuwOda.png

--------------------------------------------------------------------------------
/image/image_Y8tOth-udM.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MD-SEC/SingleSC/5a1d958b23a1bdb691aba862f3fcad2d533a81a6/image/image_Y8tOth-udM.png

--------------------------------------------------------------------------------
/image/image_nZZlAOWHcX.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MD-SEC/SingleSC/5a1d958b23a1bdb691aba862f3fcad2d533a81a6/image/image_nZZlAOWHcX.png

--------------------------------------------------------------------------------
/image/image_oTw1KRPK6k.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MD-SEC/SingleSC/5a1d958b23a1bdb691aba862f3fcad2d533a81a6/image/image_oTw1KRPK6k.png

--------------------------------------------------------------------------------
/image/image_xCFIiy1SDJ.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MD-SEC/SingleSC/5a1d958b23a1bdb691aba862f3fcad2d533a81a6/image/image_xCFIiy1SDJ.png

--------------------------------------------------------------------------------