huoji120/APT_Step_Bear_Inject external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

huoji120/APT_Step_Bear_Inject

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/huoji120/APT_Step_Bear_Inject)

Close

huoji120 / APT_Step_Bear_InjectView on GitHubMore

• External links
• Readme badge

复现《EDR的梦魇：Storm-0978使用新型内核注入技术“Step Bear”》

☆161Oct 27, 2024Updated last year

Alternatives and similar repositories for APT_Step_Bear_Inject

Users that are interested in APT_Step_Bear_Inject are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• huoji120 / white_patch_detect

  View on GitHub
  通杀检测基于白文件patch黑代码的免杀技术的后门
  ☆182Aug 3, 2024Updated last year
• M0nster3 / Beacon

  View on GitHub
  重构Beacon
  ☆165Aug 19, 2024Updated last year
• yj94 / BinarySpy

  View on GitHub
  一个手动或自动patch shellcode到二进制文件的免杀工具/A tool for manual or automatic patch shellcode into binary file oder to bypass AV.
  ☆564May 30, 2025Updated 9 months ago
• TianNaYa / ProxyDll

  View on GitHub
  beta
  ☆119Sep 24, 2024Updated last year
• huoji120 / awesome_anti_virus_engine

  View on GitHub
  about how to make a anti-virus engine
  ☆107May 22, 2025Updated 10 months ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• CBLabresearch / PhantomExecution

  View on GitHub
  Self Cleanup in post-ex job
  ☆59Sep 10, 2024Updated last year
• myzxcg / RealBlindingEDR

  View on GitHub
  Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThrea…
  ☆1,296Jun 21, 2024Updated last year
• veo / ebpf_shell

  View on GitHub
  ebpf WebShell/内核马，一种新型内核马/WebShell技术
  ☆353Jan 8, 2024Updated 2 years ago
• clownfive / CppDevShellcode

  View on GitHub
  使用Visral Studio开发ShellCode
  ☆239Oct 11, 2023Updated 2 years ago
• timwhitez / BinHol

  View on GitHub
  Binary Hollowing
  ☆95Sep 10, 2024Updated last year
• howmp / donut_ollvm

  View on GitHub
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆71Mar 16, 2026Updated last week
• rad9800 / BootExecuteEDR

  View on GitHub
  ☆409Dec 8, 2024Updated last year
• rad9800 / FileRenameJunctionsEDRDisable

  View on GitHub
  ☆158Dec 13, 2024Updated last year
• evilashz / PigScheduleTask

  View on GitHub
  添加计划任务方法集合
  ☆310Aug 6, 2023Updated 2 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• eversinc33 / GpuDecryptShellcode

  View on GitHub
  XOR decrypting shellcode using the GPU with OpenCL.
  ☆121May 22, 2025Updated 10 months ago
• RoomaSec / RmEye

  View on GitHub
  戎码之眼是一个window上的基于att&ck模型的威胁监控工具.有效检测常见的未知威胁与已知威胁.防守方的利剑
  ☆536Oct 25, 2023Updated 2 years ago
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆301Jul 31, 2024Updated last year
• lintstar / CS-AutoPostChain

  View on GitHub
  基于 OPSEC 的 CobaltStrike 后渗透自动化链
  ☆451Mar 11, 2024Updated 2 years ago
• qi4L / sRDI-rs

  View on GitHub
  Rust 重构的 sRDI
  ☆17Sep 9, 2024Updated last year
• MalwareTech / EDR-Preloader

  View on GitHub
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆544Feb 13, 2024Updated 2 years ago
• fdx-xdf / Rust_Beacon

  View on GitHub
  使用 rust 实现 CobaltStrike 的 beacon || Using Rust to implement CobaltStrike's Beacon
  ☆201Jul 5, 2025Updated 8 months ago
• ImCoriander / ZeroEye

  View on GitHub
  自动化找白文件，用于扫描 EXE 文件的导入表，列出导入的DLL文件，并筛选出非系统DLL，符合条件的文件将被复制到特定的 X64 或 X86 文件夹
  ☆565Dec 14, 2025Updated 3 months ago
• huoji120 / safe_duck

  View on GitHub
  一款linux下的安全产品目的是满足个人安全需求有SSH爆破防护和SYN攻击扫描防护功能,基于netfilter,
  ☆23Dec 2, 2023Updated 2 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• yinsel / BypassAV

  View on GitHub
  一款基于PE Patch技术的后渗透免杀工具，主要支持x64
  ☆355Mar 5, 2025Updated last year
• NoHeart2019 / KasR3Hook

  View on GitHub
  使用 Intel 虚拟化特性实现应用层HOOK
  ☆66Sep 11, 2025Updated 6 months ago
• KiExitDispatcher / EDR-XDR-AV-Killer

  View on GitHub
  Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver
  ☆293Apr 21, 2025Updated 11 months ago
• fern89 / C2

  View on GitHub
  A basic C2 framework written in C
  ☆59Jul 7, 2024Updated last year
• Sndav / coffee

  View on GitHub
  Coffee is a loader for ELF (Executable and Linkable Format) object files written in Rust. Coffee是一个用Rust语言编写的ELF object文件的加载器
  ☆63Apr 29, 2024Updated last year
• naksyn / DojoLoader

  View on GitHub
  Generic PE loader for fast prototyping evasion techniques
  ☆245Jul 2, 2024Updated last year
• kyxiaxiang / DetectCobaltStrike

  View on GitHub
  Detect Beacon Powerful (Include CobatStrike 4.10 Aha~)
  ☆21Oct 18, 2024Updated last year
• miunasu / NTR_loader

  View on GitHub
  Loader Pre-Technology, Main thread hijacking without using API, get ntdll and kernel32 handle without peb. 加载器前置技术，不使用API进行主线程劫持，不使用PEB…
  ☆91Jul 26, 2025Updated 8 months ago
• parzel / GoBofRunner

  View on GitHub
  A BOF/COFF loader implemented in Go and CGO.
  ☆23Jan 16, 2024Updated 2 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• baiyies / ScreenshotBOFPlus

  View on GitHub
  Take a screenshot without injection for Cobalt Strike
  ☆203Jun 7, 2023Updated 2 years ago
• 0x727 / CloudSandbox

  View on GitHub
  收集云沙箱上线C2的ip，如微X、奇XX、3X0、virustX等
  ☆125Oct 23, 2023Updated 2 years ago
• je5442804 / WPTaskScheduler_CVE-2024-49039

  View on GitHub
  WPTaskScheduler RPC Persistence & CVE-2024-49039 via Task Scheduler
  ☆137Jul 21, 2025Updated 8 months ago
• Neo-Maoku / DllMainHijacking

  View on GitHub
  Resolve the issue of DLLmain function in white and black DLLs hanging when calling shellcode
  ☆203May 28, 2024Updated last year
• qwqdanchun / Pillager

  View on GitHub
  Pillager是一个适用于后渗透期间的信息收集工具
  ☆1,271Sep 7, 2024Updated last year
• qigpig / Ghosting-BOF

  View on GitHub
  主要用于隐藏进程真实路径，进程带windows真签名
  ☆119Oct 15, 2024Updated last year
• CICADA8-Research / Spyndicapped

  View on GitHub
  COM ViewLogger — new malware keylogging technique
  ☆408Jan 6, 2025Updated last year