huoji120 / APT_Step_Bear_Inject
Reproduction of "EDR's Nightmare: Storm-0978 Uses a Novel Kernel Injection Technique, 'Step Bear'"
☆161 · Oct 27, 2024 · Updated last year
Alternatives and similar repositories for APT_Step_Bear_Inject
Users that are interested in APT_Step_Bear_Inject are comparing it to the libraries listed below
- Universal detection of backdoors built with the AV-evasion technique of patching malicious code into benign (whitelisted) files ☆181 · Aug 3, 2024 · Updated last year
- Beacon rewrite ☆164 · Aug 19, 2024 · Updated last year
- A tool for manually or automatically patching shellcode into a binary file in order to bypass AV ☆557 · May 30, 2025 · Updated 8 months ago
- beta ☆120 · Sep 24, 2024 · Updated last year
- Remove AV/EDR kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter callback, PsSetCreateProcessNotifyRoutine callback, PsSetCreateThrea… ☆1,289 · Jun 21, 2024 · Updated last year
- About how to make an anti-virus engine ☆106 · May 22, 2025 · Updated 8 months ago
- Self cleanup in post-ex job ☆59 · Sep 10, 2024 · Updated last year
- Binary Hollowing ☆94 · Sep 10, 2024 · Updated last year
- eBPF WebShell / kernel implant, a new kind of kernel implant / WebShell technique ☆351 · Jan 8, 2024 · Updated 2 years ago
- Developing shellcode with Visual Studio ☆234 · Oct 11, 2023 · Updated 2 years ago
- (no description) ☆409 · Dec 8, 2024 · Updated last year
- OPSEC-based CobaltStrike post-exploitation automation chain ☆450 · Mar 11, 2024 · Updated last year
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem… ☆69 · Oct 10, 2025 · Updated 4 months ago
- (no description) ☆159 · Dec 13, 2024 · Updated last year
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆539 · Feb 13, 2024 · Updated 2 years ago
- XOR decrypting shellcode using the GPU with OpenCL ☆120 · May 22, 2025 · Updated 8 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆296 · Jul 31, 2024 · Updated last year
- Automated search for benign (whitelisted) files: scans the import table of EXE files, lists the imported DLLs, filters out non-system DLLs, and copies qualifying files to a dedicated X64 or X86 folder ☆563 · Dec 14, 2025 · Updated 2 months ago
- A post-exploitation AV-evasion tool based on PE patching, mainly supporting x64 ☆354 · Mar 5, 2025 · Updated 11 months ago
- A collection of methods for adding scheduled tasks ☆309 · Aug 6, 2023 · Updated 2 years ago
- Process injection alternative ☆404 · Sep 6, 2024 · Updated last year
- Help red teams find opsec processes during engagements ☆42 · Dec 7, 2024 · Updated last year
- Using Rust to implement CobaltStrike's Beacon ☆200 · Jul 5, 2025 · Updated 7 months ago
- Pillager is an information-gathering tool for the post-exploitation phase ☆1,266 · Sep 7, 2024 · Updated last year
- Take a screenshot without injection for Cobalt Strike ☆203 · Jun 7, 2023 · Updated 2 years ago
- Reproducing Spyboy technique, which involves terminating all EDR/XDR/AV processes by abusing the zam64.sys driver ☆294 · Apr 21, 2025 · Updated 9 months ago
- COM ViewLogger — new malware keylogging technique ☆403 · Jan 6, 2025 · Updated last year
- Collects the IPs of cloud sandboxes that check in to C2, such as 微X, 奇XX, 3X0, virustX, etc. ☆125 · Oct 23, 2023 · Updated 2 years ago
- Evasive loader to bypass static detection ☆59 · Jan 15, 2024 · Updated 2 years ago
- Reflective DLL Injection Made Bella ☆248 · Jan 6, 2025 · Updated last year
- Mainly used to hide a process's real path; the process carries a genuine Windows signature ☆119 · Oct 15, 2024 · Updated last year
- WPTaskScheduler RPC Persistence & CVE-2024-49039 via Task Scheduler ☆135 · Jul 21, 2025 · Updated 6 months ago
- Resolves the issue of the DllMain function in white-and-black DLLs hanging when calling shellcode ☆201 · May 28, 2024 · Updated last year
- Fully functional, from-scratch alternative to the Cobalt Strike Beacon (red teaming tool), offering transparency and flexibility for secu… ☆259 · Mar 13, 2024 · Updated last year
- Generic PE loader for fast prototyping evasion techniques ☆244 · Jul 2, 2024 · Updated last year
- An attack/defense tool for splitting PE files, a good helper for red teams and researchers; currently supports file-header disguising and certificate-section infection ☆287 · Aug 20, 2024 · Updated last year
- Beacon Object File (BOF) Template ☆61 · Feb 6, 2026 · Updated last week
- UDRL for CS ☆445 · Dec 3, 2023 · Updated 2 years ago
- Extracted Yara rules from Windows Defender mpavbase and mpasbase ☆494 · Dec 22, 2025 · Updated last month