Reproduction of "EDR's Nightmare: Storm-0978 Uses the Novel Kernel Injection Technique 'Step Bear'"
☆161 · Oct 27, 2024 · Updated last year
Alternatives and similar repositories for APT_Step_Bear_Inject
Users that are interested in APT_Step_Bear_Inject are comparing it to the libraries listed below.
- Universal detection of backdoors built with the AV-evasion technique of patching malicious code into benign ("white") files ☆181 · Aug 3, 2024 · Updated last year
- A reimplementation of Beacon ☆166 · Aug 19, 2024 · Updated last year
- A tool that automatically patches shellcode into a binary file to bypass AV ☆568 · Apr 8, 2026 · Updated last week
- beta ☆119 · Sep 24, 2024 · Updated last year
- About how to build an anti-virus engine ☆108 · May 22, 2025 · Updated 10 months ago
- Self-cleanup in post-exploitation jobs ☆59 · Sep 10, 2024 · Updated last year
- Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine callbacks, PsSetCreateThrea… ☆1,311 · Jun 21, 2024 · Updated last year
- eBPF WebShell / kernel implant: a novel kernel-implant/WebShell technique ☆353 · Jan 8, 2024 · Updated 2 years ago
- Developing shellcode with Visual Studio ☆241 · Oct 11, 2023 · Updated 2 years ago
- Binary Hollowing ☆96 · Sep 10, 2024 · Updated last year
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem… ☆74 · Mar 16, 2026 · Updated last month
- ☆410 · Dec 8, 2024 · Updated last year
- ☆158 · Dec 13, 2024 · Updated last year
- A collection of methods for adding scheduled tasks ☆311 · Aug 6, 2023 · Updated 2 years ago
- XOR-decrypting shellcode on the GPU with OpenCL ☆122 · May 22, 2025 · Updated 10 months ago
- 戎码之眼 is a Windows threat-monitoring tool based on the ATT&CK model. It effectively detects common known and unknown threats; a sharp sword for defenders ☆536 · Oct 25, 2023 · Updated 2 years ago
- Generating legitimate call stack frames along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass user-land EDR … ☆301 · Jul 31, 2024 · Updated last year
- Automated search for benign ("white") files: scans the import table of EXE files, lists the imported DLLs, filters for non-system DLLs, and copies matching files into dedicated X64 or X86 folders ☆601 · Mar 24, 2026 · Updated 3 weeks ago
- An OPSEC-based CobaltStrike post-exploitation automation chain ☆454 · Mar 11, 2024 · Updated 2 years ago
- sRDI rewritten in Rust ☆18 · Sep 9, 2024 · Updated last year
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆547 · Feb 13, 2024 · Updated 2 years ago
- Using Rust to implement CobaltStrike's Beacon ☆201 · Jul 5, 2025 · Updated 9 months ago
- A Linux security product aimed at personal security needs, with SSH brute-force protection and SYN attack/scan protection, based on netfilter ☆23 · Dec 2, 2023 · Updated 2 years ago
- A post-exploitation AV-evasion tool based on PE patching, mainly supporting x64 ☆355 · Mar 5, 2025 · Updated last year
- Implementing user-mode hooks using Intel virtualization features ☆65 · Sep 11, 2025 · Updated 7 months ago
- A basic C2 framework written in C ☆59 · Jul 7, 2024 · Updated last year
- Coffee is a loader for ELF (Executable and Linkable Format) object files, written in Rust ☆63 · Apr 29, 2024 · Updated last year
- Generic PE loader for fast prototyping of evasion techniques ☆245 · Jul 2, 2024 · Updated last year
- Powerful Beacon detection (including CobaltStrike 4.10) ☆21 · Oct 18, 2024 · Updated last year
- Loader pre-technique: main-thread hijacking without using APIs, and obtaining the ntdll and kernel32 handles without the PEB ☆92 · Jul 26, 2025 · Updated 8 months ago
- A BOF/COFF loader implemented in Go and CGO ☆23 · Jan 16, 2024 · Updated 2 years ago
- Collects the IPs of cloud sandboxes that check in to C2, such as 微X, 奇XX, 3X0, virustX, etc. ☆125 · Oct 23, 2023 · Updated 2 years ago
- Take a screenshot without injection for Cobalt Strike ☆205 · Jun 7, 2023 · Updated 2 years ago
- WPTaskScheduler RPC persistence & CVE-2024-49039 via Task Scheduler ☆142 · Jul 21, 2025 · Updated 8 months ago
- Resolves the issue of the DllMain function hanging when calling shellcode from white/black (sideloaded) DLL pairs ☆205 · May 28, 2024 · Updated last year
- Pillager is an information-gathering tool for the post-exploitation phase ☆1,278 · Sep 7, 2024 · Updated last year
- Mainly used to hide a process's real path; the process carries a genuine Windows signature ☆119 · Oct 15, 2024 · Updated last year
- COM ViewLogger: a new malware keylogging technique ☆407 · Jan 6, 2025 · Updated last year
- Zero-EAT-touch way to retrieve function addresses (GetProcAddress on steroids) ☆145 · Mar 16, 2024 · Updated 2 years ago