├── .gitignore ├── LICENSE ├── README.md ├── bypass ├── CreateFiber │ ├── README.md │ ├── img.png │ └── main.go ├── CreateProcess │ ├── README.md │ ├── img.png │ └── main.go ├── CreateProcessWithPipe │ └── main.go ├── CreateRemoteThread │ ├── img.png │ └── main.go ├── CreateRemoteThreadNative │ ├── img.png │ └── main.go ├── CreateThread │ ├── README.md │ ├── img.png │ └── main.go ├── CreateThreadNative │ ├── img.png │ └── main.go ├── EarlyBird │ └── main.go ├── EtwpCreateEtwThread │ ├── img.png │ └── main.go ├── HeapAlloc │ └── main.go ├── Hgate │ └── main.go ├── NtQueueApcThreadEx-Local │ └── main.go ├── README.md ├── RtlCreateUserThread │ └── main.go ├── ShellcodeUtils │ └── main.go ├── UuidFromString │ ├── img.png │ └── main.go ├── dpapi │ ├── demo │ │ └── main.go │ ├── dpapi.go │ └── main.go └── main.go ├── encry ├── main.go ├── util.go └── xor.go ├── gen ├── main.go ├── template │ ├── createThread │ └── syscall └── 使用说明.txt ├── go.mod ├── hello ├── README.md ├── img.png └── main.go ├── loader ├── loader.go ├── main.go └── utils.go ├── main.go ├── old └── main.go ├── sandbox └── sandbox.go ├── shellcode ├── bp.go └── main.go ├── shellcodeUtils └── README.md ├── test ├── test1 │ ├── README.md │ ├── img.png │ └── main.go ├── test2 │ └── main.go ├── test3 │ └── main.go ├── test4 │ └── main.go ├── test5 │ └── main.go ├── test6 │ └── main.go ├── test7 │ └── main.go └── test8 │ └── main.go └── tmp └── main.go /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/README.md -------------------------------------------------------------------------------- /bypass/CreateFiber/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateFiber/README.md -------------------------------------------------------------------------------- /bypass/CreateFiber/img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateFiber/img.png -------------------------------------------------------------------------------- /bypass/CreateFiber/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateFiber/main.go -------------------------------------------------------------------------------- /bypass/CreateProcess/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateProcess/README.md -------------------------------------------------------------------------------- /bypass/CreateProcess/img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateProcess/img.png -------------------------------------------------------------------------------- /bypass/CreateProcess/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateProcess/main.go -------------------------------------------------------------------------------- /bypass/CreateProcessWithPipe/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateProcessWithPipe/main.go -------------------------------------------------------------------------------- /bypass/CreateRemoteThread/img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateRemoteThread/img.png -------------------------------------------------------------------------------- /bypass/CreateRemoteThread/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateRemoteThread/main.go -------------------------------------------------------------------------------- /bypass/CreateRemoteThreadNative/img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateRemoteThreadNative/img.png -------------------------------------------------------------------------------- /bypass/CreateRemoteThreadNative/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateRemoteThreadNative/main.go -------------------------------------------------------------------------------- /bypass/CreateThread/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateThread/README.md -------------------------------------------------------------------------------- /bypass/CreateThread/img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateThread/img.png -------------------------------------------------------------------------------- /bypass/CreateThread/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateThread/main.go -------------------------------------------------------------------------------- /bypass/CreateThreadNative/img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateThreadNative/img.png -------------------------------------------------------------------------------- /bypass/CreateThreadNative/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/CreateThreadNative/main.go -------------------------------------------------------------------------------- /bypass/EarlyBird/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/EarlyBird/main.go -------------------------------------------------------------------------------- /bypass/EtwpCreateEtwThread/img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/EtwpCreateEtwThread/img.png -------------------------------------------------------------------------------- /bypass/EtwpCreateEtwThread/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/EtwpCreateEtwThread/main.go -------------------------------------------------------------------------------- /bypass/HeapAlloc/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/HeapAlloc/main.go -------------------------------------------------------------------------------- /bypass/Hgate/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/Hgate/main.go -------------------------------------------------------------------------------- /bypass/NtQueueApcThreadEx-Local/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/NtQueueApcThreadEx-Local/main.go -------------------------------------------------------------------------------- /bypass/README.md: -------------------------------------------------------------------------------- 1 | 2 | 看大佬的代码,学习各种原理 -------------------------------------------------------------------------------- /bypass/RtlCreateUserThread/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/RtlCreateUserThread/main.go -------------------------------------------------------------------------------- /bypass/ShellcodeUtils/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/ShellcodeUtils/main.go -------------------------------------------------------------------------------- /bypass/UuidFromString/img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/UuidFromString/img.png -------------------------------------------------------------------------------- /bypass/UuidFromString/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/UuidFromString/main.go -------------------------------------------------------------------------------- /bypass/dpapi/demo/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/dpapi/demo/main.go -------------------------------------------------------------------------------- /bypass/dpapi/dpapi.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/dpapi/dpapi.go -------------------------------------------------------------------------------- /bypass/dpapi/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/dpapi/main.go -------------------------------------------------------------------------------- /bypass/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/bypass/main.go -------------------------------------------------------------------------------- /encry/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/encry/main.go -------------------------------------------------------------------------------- /encry/util.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/encry/util.go -------------------------------------------------------------------------------- /encry/xor.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/encry/xor.go -------------------------------------------------------------------------------- /gen/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/gen/main.go -------------------------------------------------------------------------------- /gen/template/createThread: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/gen/template/createThread -------------------------------------------------------------------------------- /gen/template/syscall: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/gen/template/syscall -------------------------------------------------------------------------------- /gen/使用说明.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/gen/使用说明.txt -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/go.mod -------------------------------------------------------------------------------- /hello/README.md: -------------------------------------------------------------------------------- 1 | hello world报毒 2 | 3 | ![](img.png) -------------------------------------------------------------------------------- /hello/img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/hello/img.png -------------------------------------------------------------------------------- /hello/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/hello/main.go -------------------------------------------------------------------------------- /loader/loader.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/loader/loader.go -------------------------------------------------------------------------------- /loader/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/loader/main.go -------------------------------------------------------------------------------- /loader/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/loader/utils.go -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/main.go -------------------------------------------------------------------------------- /old/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/old/main.go -------------------------------------------------------------------------------- /sandbox/sandbox.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/sandbox/sandbox.go -------------------------------------------------------------------------------- /shellcode/bp.go: -------------------------------------------------------------------------------- 1 | package shellcode 2 | -------------------------------------------------------------------------------- /shellcode/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/shellcode/main.go -------------------------------------------------------------------------------- /shellcodeUtils/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/shellcodeUtils/README.md -------------------------------------------------------------------------------- /test/test1/README.md: -------------------------------------------------------------------------------- 1 | 加密payload进行bypass,未做反沙箱。 2 | 效果一般。 3 | 4 | ![](img.png) 5 | 6 | ```bash 7 | go build -ldflags="-s -w -H=windowsgui" -o main2.exe 8 | ``` 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /test/test1/img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/test/test1/img.png -------------------------------------------------------------------------------- /test/test1/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/test/test1/main.go -------------------------------------------------------------------------------- /test/test2/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/test/test2/main.go -------------------------------------------------------------------------------- /test/test3/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/test/test3/main.go -------------------------------------------------------------------------------- /test/test4/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/test/test4/main.go -------------------------------------------------------------------------------- /test/test5/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/test/test5/main.go -------------------------------------------------------------------------------- /test/test6/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/test/test6/main.go -------------------------------------------------------------------------------- /test/test7/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/test/test7/main.go -------------------------------------------------------------------------------- /test/test8/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/test/test8/main.go -------------------------------------------------------------------------------- /tmp/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/safe6Sec/GolangBypassAV/HEAD/tmp/main.go --------------------------------------------------------------------------------